Brian A. Tufteea1
Cyberspace Law Seminar, Spring 2002 Semester
I. Introduction
The Digital Millennium Copyright Act[1] (“DMCA”) was envisioned to be the necessary step to move U.S. copyright law into the digital age.[2] The DMCA offers profoundly strong protection to copyright owners who wish to protect access and copying of their works through the use of encryption and other security measures. The anti-circumvention and anti-trafficking provisions of the DMCA make it illegal for most users to interfere with the effectiveness of such security measures.
Unfortunately the DMCA has also been used aggressively as a tool to thwart fair use and free speech, and threatens to move our society ever towards a world where copyright owners pull all of the strings, and can control not just copying, but access and use as well. This paper will express the view that the anti-circumvention and anti-trafficking provisions of the DMCA are being applied without regard for fair use, and may in fact be unconstitutionally extending the copyright monopoly and harming free speech. Congress must either act to amend the DMCA, or courts must narrow the scope of the DMCA, in order to prevent technological controls from making fair use irrelevant.
II. Copyright Basics
Copyright law derives from an affirmative grant of power in the U.S. Constitution, known as the Copyright clause.[3] The stated purpose of copyright law is to advance the progress of the arts by securing certain exclusive rights to copyright owners.[4] In doing so, copyright law strikes a balance between protecting the copyright owners, and providing society with a wealth of public domain material and advancement in the arts. Currently, the copyright protections extend for 95 years for works made for hire, or 70 years plus the life of the author for works that are not made for hire.[5] This time period is designed to allow the copyright owner time to profit, yet it ensures that someday the fruits of their labor will become public domain, free for all to use.
There is already a great wealth of material available in the public domain. It seems that every few years Hollywood will make a movie based on a play by Shakespeare, or a novel by Jane Austen or Charles Dickens. Today’s moviemakers can build upon the works of previous authors, and at the same time gain copyright protection for their own additions to the arts.
The heart of copyright law is the package of exclusive rights that every copyright owner holds. These include the right to make reproductions of the work, the right to perform or display the work publicly, and the right to create derivative works based on the original work.[6] These exclusive rights are what make copyright ownership so profitable, and why media companies aggressively protect their intellectual property.
Fair Use
The exclusive rights ensure that a copyright holder will have a virtual monopoly over the work in question. Yet these rights are not absolute. Fair use, which was originally a judicially created doctrine, was designed to temper the somewhat draconian restrictions that could be placed on copyrighted material by the author.[7] The essence of fair use is that certain violations of the copyright law are forgiven, when the use is of a certain character. When Congress made a major overhaul of copyright law in the Copyright Act of 1976, it specifically codified the law of fair use.
The fair use provisions of copyright law, located at 17 U.S.C. § 107, use a four-part balancing test to determine whether or not a specific infringement is nonetheless excepted under fair use doctrine. The four parts of this test are:
Nature and Purpose of the Use: This factor is interested with the goal or motive behind the infringing use, and asks, among other things, whether it is commercial in nature or educational. Certain types of uses are specifically mentioned in the preamble for § 107, as are uses that are scholarly, for research, or teaching. In general, commercial uses are disfavored by fair use doctrine, and noncommercial uses are approved of.
Nature of the Original Work: Works which are creative in nature are more strongly protected than works which are largely factual, and this factor is designed to give weight to this distinction. Also included in this factor is the question of whether or not the work has been previously published or not. The fact that a work has already been made public will weigh in favor of a finding of fair use. This factor is exclusively concerned with the original work, and makes no reference to the nature of the infringing use.
Amount and Substantiality Used: This factor asks the court to look at how much of the original work has been reproduced or otherwise infringed by the new work. Brief excerpts of a protected work are more likely to be fair use than wholesale copies of a protected work. This factor is not just concerned with the sheer percentage of the original work which is used, it is also concerned with how substantial the portion of excerpted material is in relation to the whole. Thus, an excerpt of only a few pages out of a book, when those pages contain the essence or heart of the protected work, will weigh strongly against a finding of fair use, even though the excerpted pages represent only a fraction of the whole work.
Market Effects: The last factor looks to the effect of the infringing work on the market for the original work, to the extent that the infringing work acts as a market substitute for the original. When the infringing act makes it unnecessary to purchase the original, then there is a strong presumption against fair use. Instead, this factor is only concerned with the possibility that the new work will somehow supersede the original in some fashion.
Together, these four factors comprise the balancing act that is fair use. While it is hard to quantify the weight that each factor should be given (the statute itself provides no guidelines), the courts have provided guidance in this area. When the original purposes of copyright law are considered, it seems obvious that the fourth factor, market effects, should be given much weight.[8] The main reason behind the copyright monopoly is to enable the author to profit from his or her efforts. For this reason, fair use will generally be denied when the infringing use tries to “muscle in” on the market territory formerly occupied by the original.
Additionally, the first factor, nature of the use, is tied back to the original purpose of copyright law in general, that is to promote the advances of the arts.[9] In fact, educational uses are highly protected by fair use, and there are very few cases where a wholly educational use is not fair.[10]
Fair use is therefore a mechanism for permitting some otherwise protected works to be effectively treated as if they were in the public domain and free for the taking. Fair use permits you to make backup copies of copyrighted computer software that you already own. It lets you quote samples out of a copyrighted book in your term paper, without fear of prosecution. It lets you make copies of the music you already own, for your private use.[11]
Unfortunately, the DMCA now stands between users and the copyrighted materials that they would desire to make fair use of. As will be discussed below, the DMCA gives copyright holders unprecedented power to control access and distribution of their works, effectively denying fair use to the millions of users out there who lack the computer skills to defeat the encryption controls that stand in the way of fair use.
III. The DMCA Generally
The DMCA was enacted in 1998, with the stated goals of modernizing copyright law and bringing the U.S. in compliance with the Berne Treaty.[12] The DMCA is concerned exclusively with digital content, and how it is accessed and controlled in relation to the exclusive copyright rights. Of chief concern to this paper are the anti-circumvention and anti-trafficking provisions. These provisions are concerned with access controls, which can be used to verify authorized use of copyrighted material. Since these provisions are central to this paper, a brief discussion of access control is appropriate.
Access Controls and Encryption
Every DVD for sale in stores today contains a type of access control known as Content Scramble System, or CSS. CSS uses principles of encryption to protect access to the underlying work. When content is contained in digital form, consisting of a stream of zeros and ones that represent the binary form of the data, it can be protected from unauthorized access by using encryption.[13]
Encryption is simply any method which is used to hide information from unwelcome eyes.[14] Sophisticated mathematics and computers have enabled extremely strong forms of encryption to be developed to hide content. Encryption makes it possible for business to be transacted safely over the internet, and it makes it possible to send secure e-mail messages using PGP and other software which employs the RSA algorithm.[15]
CSS works by taking the unencrypted data (the MPEG[16] file containing the movie), and applying an encryption function. This function takes the MPEG file and scrambles the original data, which is called the plaintext, into what is called ciphertext. The ciphertext still appears as a series of 1s and 0s, but it has been scrambled so that it is useless to any computer that could read it. Only when one applies a digital key can the ciphertext be returned to the plaintext, which can then be displayed as a MPEG movie on your television set.
Every DVD that is manufactured with CSS protection contains a series of digital keys within the data on the disc. Also, each DVD player contains a matching key, which can be used by the player to unlock the ciphertext, and play the movie. This technology does not prevent a bit-for-bit copy of a DVD being made with the correct hardware; it only controls playback and manipulation of the underlying MPEG movie file.[17] Still, CSS is able to effectively limit direct copying of DVDs, since commercially available DVD burners are programmed with the inability (to escape DMCA liability) to make copies of CSS protected movies.
CSS is but one form of access control which copyright owners have used to protect their digital content. Adobe E-books are protected with an encryption system, as are some new music CDs which are being sold today.[18] These systems demonstrate the increasing popularity of such controls. We are now reaching the point at which nearly every valuable piece of digital intellectual property is protected with some form of access/copy protection.[19]
Circumvention Technologies
Code breaking and decipherment have existed as long as encryption, and the movement into the digital age has only given each side new tools in this war. As copyright holders develop new protection technologies, there are individuals right behind them working to defeat those technologies. Often times the purpose behind the circumvention is wholesale piracy, without any legal merit. But many times there are legitimate reasons that individuals may wish to break access/copy protections on the copyrighted works they own.
DeCSS is the most famous circumvention tool currently, and was developed originally in 1999 by a young computer programmer in Norway.[20] The programmer was attempting to reverse-engineer a computer DVD-ROM player to adapt its use for Linux based computer systems. In the process of reverse-engineering the DVD player, the programmer discovered the digital keys that the player used to decode the CSS-encrypted content on DVDs. As a result of knowing the digital key values, it was possible to write a software program that could effectively crack the CSS protection used on any DVD. Until the creation of DeCSS, there was no way for the consumer to get access to the MPEG files located on their DVDs. Other examples of circumvention tools include Streambox, Inc.’s Streambox VCR which can be used to capture certain types of “streaming” content, provided by RealNetworks, from the internet that is not normally capable of being saved to an individual’s hard drive,[21] and ElcomSoft’s program which can strip copy protection from Adobe Ebooks.[22]
The DMCA’s Anti-Circumvention and Trafficking Provisions
The DMCA makes a specific distinction between access controls and copy controls with regards to digital materials. The DMCA defines an access control as any measure, which, in the “ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.”[23] The DMCA also deals with technology which protects the exclusive rights of the copyright owner.
The DMCA deals with access and copy controls in three specific provisions. First, there is a general prohibition against circumventing access controls, contained in section 1201(a)(1)(A). Second, there is a prohibition against trafficking in technology which can circumvent access controls, in section 1201(a)(2). Finally, there is a prohibition against trafficking in technology with can circumvent copy controls, at 1201(b)(1). It should be noted that there is no prohibition on the circumvention of copy controls, possibly for the reason that if one circumvents a copy control and then makes an unauthorized copy, the copyright law already prohibits the act of making the unauthorized copy.
Of critical importance to this paper is the preservation of fair use as an affirmative defense. The DMCA explicitly declares fair use to be available as a defense to actions under Title 17, which should naturally include the anti-trafficking and anti-circumvention provisions of the DMCA. Unfortunately, courts seem to be paying lip service to this section of the DMCA, as can be seen in the exploration of the DeCSS saga.
IV. Litigation under the DMCA: Universal Studios v. Corley[24]
The first real test for the DMCA came in the form of DeCSS. After the creation of DeCSS in Norway in 1999, it spread like wildfire over the internet. It is impossible to estimate the number of websites that currently have copies of DeCSS available for download, but it must number in the thousands.[25] With DeCSS effectively available to anyone with a computer and an internet connection, DVD owners around the world were able to crack the encryption surrounding their DVDs and extract the underlying MPEG movie files.
The widespread panic that hit the movie industry upon the release of DeCSS led to quick legal action by the studios. Since they were unable to take direct legal action against the inventor of DeCSS, the movie studios hoped to do the next best thing: they attempted to crack down on websites which made DeCSS publicly available for download.[26] The target for the movie industries was the website www.2600.com, and its operator Eric Corley. The injunction was granted in August, 2000, and was appealed to the Second Circuit in May 2001.
The Issues
Corley raised two basic arguments on appeal. First, that the distribution of DeCSS was protected under the First Amendment, and second, that the DMCA unconstitutionally limits fair use under the copyright clause. While the First Amendment issues presented in Corley are significant, the heart of this paper deals with fair use. As such, only the fair use discussion will be analyzed here in Corley.[27]
Corley raises what appears to be a relevant, point, that CSS can effectively block anyone from making fair use of a DVD movie. Without the tools to unlock CSS, a user will be unable to do more than point a video camera at his television set, or run the output from his DVD player through his VCR and attempt to record the movie in analog format.[28] Then the user would have to convert the analog videotape signal back to a digital format and then make use of the material. The loss of quality and clarity in the image and sound in this process is substantial, and the user is left with but a shadow of the original CSS-encrypted DVD movie. With DeCSS, however, a user can directly make a perfect copy of the DVD movie onto his hard drive, with substantially less hassle as well.
Corley then argues that since CSS effectively makes fair use impossible or at least impracticably difficult, it oversteps the copyright monopoly unconstitutionally. There are several reasons for believing this to be so. While the U.S. Supreme Court has never come out and flatly said that there is a constitutional right to fair use, they have used language in cases that comes close.
In Harper & Row Publishing v. Nation Enterprises,[29] the Supreme Court quoted language from a scholarly article on copyright law to suggest that fair use is necessary to some extent to assist in promoting the underlying aims of the copyright law, that is to promote the useful arts and sciences. The inability for current authors to build upon the works of their predecessors would place a large roadblock in the way of progress. Furthermore, in Campbell v. Acuff-Rose Music, Inc.,[30] the court indicated that some opportunity for fair use has been thought necessary to effectuate the very purpose of copyright law. It seems therefore that fair use is, to some extent at least, required by the constitution.
The court in Corley has a comeback to this argument, namely that the violations of the DMCA that Corley was charged with have nothing to do with Corley making fair use of a copyrighted material. Instead, Corley is trafficking in software which cracks encryption.
Additionally, the court notes that there is no right to have the best possible source material available in making fair use of a copyrighted material. The court says that fair use law has never been held to guarantee access to the original work in identical format. Corley likens this approach to fair use as being a "horse and buggy" method for making fair use of DVD movies. As a result, Corley loses his appeal and the injunction against him is upheld.
V. The Problems With The DMCA Exposed By Corley
Corley highlights the crux of the argument against the way the DMCA is currently being applied by the courts. The DMCA effectively takes the defense of fair use, and divides the world of potential copyright infringement defendants into two classes: those who have the technological savvy to break encryption controls on their own, and those who must rely on others to break those encryption controls for them. Those in the first group will be able to make full fair use of digital copyrighted materials. Those in the second class, assuming the DMCA could be enforced perfectly to eliminate all trafficking, would at best be able to make limited fair use of digital copyrighted materials, or worse, no use at all.
The Statutory Framework of the DMCA
The problem with the way that the DMCA is worded is that it forces a disconnect between the individual user who wishes to make fair use of a work, and the person who would supply the technology with which to make fair use. As the courts see it, the fair use defense can only apply to section 1201(a)(1)(A), which applies to directly circumventing the access controls guarding a copyrighted work. Anyone charged with a violation of the anti-trafficking provisions of the DMCA, however, is unable to claim fair use as a defense, for the rather obvious reason of not actually being engaged in fair use of a work.
This creates a strange distinction in fair use law, and it is a distinction without difference. Let's say that Alice owns a DVD movie, and wishes to create a new work of art by taking digital frames out of the DVD movie, and manipulating them to produce a rather eclectic looking collage for her art class. Unfortunately for Alice (and the public as a whole who would be benefited from this addition to the arts), she does not have any programming skills whatsoever. If Alice wants to make her collage, she must use a camera to take pictures off of her television set, scan them into her computer, and work with the substantially degraded image.
Now let's suppose that Alice has a friend named Bob, who just happens to be a computer whiz. Alice lets Bob know of her difficulties, and Bob has the instant solution. Bob goes to google.com or some other WWW search engine, types in "DeCSS" for his search text, and has downloaded a copy of DeCSS to his hard drive within minutes.[31] Bob brings the program over to Alice's apartment on a disc, loads the software onto her computer drive, and within minutes Alice has digitally perfect stills of the DVD movie to use in her collage.
Alice certainly has fair use available as a defense, should she be charged under the DMCA. While she did circumvent an access control, she did it for educational, nonprofit reasons, the newly created work was transformative, she only used a fraction of the content on the DVD, and her actions have in no way harmed the market for future sales of that particular DVD. She will undoubtedly escape liability from the DCMA. Poor Bob, on the other hand, is in a much worse position. By transporting the DeCSS program to Alice's computer, Bob has probably trafficked in a circumvention technology, as has the website which posted the DeCSS code that Bob downloaded. Even though the underlying use that DeCSS was put to in this case was excepted under fair use, Bob's actions in assisting Alice are not. This illustrates the fundamental problem with the way courts are currently interpreting the DMCA and its preservation of fair use. What courts are failing to realize, it seems, is that access/copy controls and the underlying copyrighted work are linked intimately, and if fair use can forgive the unauthorized copying of a protected work, then there is no legitimate reason to protect the access/copy controls in those circumstances where fair use of the copyrighted work is allowed.[32] It is as if Congress has made an analogy with safecracking: the copyrighted movie is the money, and CSS is the safe. It is acceptable in some cases to break into the safe, but only if you do it by yourself. If someone helps you out, then that person is in big trouble. And never mind the fact that you may not be able to crack the safe without someone's help. In that case, tough luck for you, and tough luck for the advancement of the useful arts and sciences.
Copyright Overextension
This overprotection of the lock, when the contents inside the safe are not protected as highly, amounts to a broad overextension of the copyright monopoly.[33] Imagine that a movie studio releases a DVD today of a very old movie. In three years the movie will be in the public domain, and no longer protected by copyright law. If I own that particular movie on DVD, after three years, I can copy it, publicly display it, and do just about anything else that I want to with it, without running afoul of copyright law. There's just one problem however: CSS stands in the way between me and my legitimate use of the movie. This is not even a case of fair use, since the work is wholly unprotected. In this example, it's easy to see how CSS can be used to improperly extend the copyright monopoly. If a movie studio keeps tight control of its properties, and if CSS had never been broken, then the movie in question could effectively be kept out of the public domain forever, despite the time limits imposed by current copyright law.
This is not to say that CSS and other technologies like it are per se invalid because they have the potential for locking up works. Quite to the contrary, technological based protections are incredibly important to the modern digital world. Piracy is a constant threat to copyright holders everywhere.[34] The problem with the DMCA, however, is that it fails to draw a line between those instances of trafficking which are incident to fair use, and those which are incident to piracy and wholesale copyright law violation.
At one time during the debates over the DMCA in Congress, serious concerns were expressed about the lack of an explicit fair use defense in the anti-circumvention provisions of the DMCA. It was of great concern that the DMCA would be shifting the balance of copyright law too far into the hands of copyright owners, at the expense of those would make fair use of works.[35] These concerns were ultimately ignored, as the DMCA contains only a passing reference to the preservation of fair use as a defense, and no specific exemption for the anti-trafficking provisions. As a result, the balance has shifted, and as will be seen, there is an ever growing threat that copyright holders will use technology to increase their stranglehold on consumers.
First Amendment Issues
There is great potential for the anti-trafficking provisions of the DMCA to be used as a tool to stifle legitimate research into encryption and codebreaking. In fact, the DMCA has the rather unique ability to criminalize activities that were once acceptable. For example, the RSA encryption algorithm is currently the most advanced form of encryption in use in the world. It is also the subject of a good deal of scholarly research and development. This research has immense value, since it allows users of RSA to anticipate weaknesses and defend against potential hacker invasion.
What if the government were to pass a law which prohibited research into RSA? Such an endeavor would likely violate the First Amendment, since such a content-based restriction on speech would be practically always illegal. Even those types of speech which involve issues of national security and defense, as did the Pentagon Papers case,[36] are protected under the First Amendment.
Now suppose that a company comes along and decides to create a new online digital music format that uses the RSA encryption algorithm to control access to the music. The day that this new music format is released to the world, any research into the weaknesses of RSA is instantly suspect under the DMCA. Anyone who unwittingly makes their RSA research public would be guilty of trafficking in an anti-circumvention technology in violation of section 1201(a)(2). Thanks to the DMCA, it is now quite easy for content owners to privately criminalize conduct which was previously untouchable under the First Amendment.
This discussion is not just an abstract concern. For an excellent example of how the anti-trafficking provisions of the DMCA can be used to stifle speech, consider the Secure Digital Music Institute's ("SDMI") challenge to hackers to defeat a sample security provision designed to protect digital music. When Princeton professor Edward Felten and a team of researchers successfully broke the SDMI's security scheme, they planned to publicly present the results of their research.[37]
Instead of being warmly welcomed by the SDMI and the Recording Industry Association of America ("RIAA") for helping them on the road to designing a secure digital music format, they instead threatened Felten and his team with a lawsuit under the DMCA.[38] In this case, it is clear that the DMCA Can be a useful tool for thwarting not only piracy, but free speech as well. Hopefully a case will present itself in the future that draws the fair use/First Amendment argument more clearly, revealing the extent to which courts have been over-applying the anti-circumvention provisions of the DMCA.
There are also real concerns over the effect that the DMCA will have on legitimate online journalism.Wired in scope. And in Corley, the mere act of linking alone, without actually posting the offending DeCSS code, was sufficient to meet the DMCA's broad language in its anti-trafficking provisions.
This has serious implications for the freedom of the press guaranteed by the First Amendment. As the defendants in Corley put it, in journalism, "you have to show your evidence".[39] For the operators of www.2600.com, this meant providing its readers with the means to actually check out DeCSS and see that it was capable of doing what Corley in fact claimed it could. Leaving out a link to DeCSS would be akin, as Corley said, to writing a news article about a fantastic event that was captured on film, and then not actually posting any pictures.[40]
With the DMCA now in place, journalists of all types will need to tread cautiously on the subject of DeCSS, or any new technological circumvention method that comes into existence in the future. A web site which describes how incredibly weak the Cactus Data Shield[41] CD technology is includes a list of DVD-ROM drives which are unaffected by the CDS access control.[42] By describing a newsworthy[43] issue in detail, this website has arguably stepped into the realm of prohibited conduct under the DMCA. This potential for interference with the freedom of the press raises even more doubts over the broadly worded anti-trafficking provisions of the DMCA.
VI. The Future of Copyright Under the DMCA
With the expansive protections that have been granted to copyright owners, the world will increasingly become one where copyright owners hold all the cards, and can decide when, where, and how users can make use of the copyrighted materials they purchase.
The DIVX Experiment
At the time that the DVD format was being developed, an idea was born in mind of a prominent Los Angeles entertainment law firm. Instead of selling consumers a DVD movie that they could watch and play as often as they liked, it was imagined that technology would allow complete access control over watching the movie. With a specially equipped player, and a specially formatted DIVX DVD, consumers could purchase a movie for around $5 (instead of the prevailing $25 or so that ordinary DVD movies were selling for at the time), pop it into their DIVX player, and have a certain time period in which to watch the movie.[44]
Essentially, DIVX was a high-tech rental system, except you never needed to return the movies to the video store when you were done with them. Your $5 purchase entitled you to watch the movie a few times, and if you wanted to watch more, your DIVX player would connect with the central DIVX billing system, whereby you could purchase additional viewings. On the other hand, if you were done with the movie, you could simply toss it in the trash. DIVX was a dream come true, or at least it appeared that way.
Copyright owners no longer needed to completely give away their rights to the consumer. Instead of charging the consumer once, regardless of how many times the consumer watches the movie, or whether or not the consumer lends the movie to a friend, or even sells it to someone else, the copyright owners could now dictate with precision how the consumer could use the movie they had just purchased.
What DIVX Could Have Been
The possibilities behind DIVX were immense. Movie studios could track which consumers viewed which movies, and target them with specific advertising and deals. Unauthorized use of the DIVX movie was sharply curtailed, since one needed a DIVX compatible player and an account set up with the central DIVX billing office to view movies. Even if you could pirate a bit-for-bit copy of a DIVX movie, it would be very difficult to actually watch it.
DIVX ultimately failed for several reasons. Because DIVX was a joint venture with Circuit City stores, competitors of Circuit City refused to carry DIVX players.[45] Because DIVX came not from the studios, but from Circuit City, there were initial problems with licensing new titles for DIVX. Finally, other movie studios that were already well invested in traditional DVD sales saw DIVX as a threat, along with video stores that feared losing rental business.[46] If DIVX has been conceived of from the start by the movie studios instead of an L.A. law firm, it's quite possible that we would all be using DIVX as our DVD format.
What if our society was turned into a pay-per-view world, as it was put by then-senator John Ashcroft[47] during the debates on the DMCA? There would still be a glimmer of hope, in the form of fair use. If I purchase a DIVX DVD, and have some way to crack the encryption in order to watch the movie whenever I wish to, then I have regained some of the freedom that originally existed before the advent of the digital age. The power of fair use to restore copyright law to its fundamental interests cannot be overlooked lightly.
Use Versus Copying
Up until the passage of the DMCA, the copyright law generally did not care how a consumer made use of the copyrighted work that they own, save for the rarely relevant restriction on public display of the work. All that copyright law was generally concerned about was making unauthorized copies.[48] Previously, if you owned a copyrighted work, you could make practically any private, noncommercial use of it.[49] You could take a CD you owned and copy it a thousand times (for your own personal use of course, to fall within fair use), and listen to it wherever and whenever you pleased.
The question then becomes whether or not we would be willing to let the movie and music industries extend their power beyond the copyright law, through the use of access and copy controls. The copyright law gives the movie studios no right to control access to movies in the way that DIVX did, yet it does not prohibit it either. Without the DMCA in place, consumers would be free to crack the encryption on DIVX movies they had purchased, since this would not violate copyright law in any way. But now, with the DMCA, movie studios have a powerful tool to prevent the hacking of their access controls, effectively extending their power beyond what is required by copyright law.
The DMCA therefore gives copyright owners the ability to do far more than simply prevent piracy of their intellectual property. It effectively adds another exclusive right to those already granted by existing copyright law, namely the right to control use of the copyrighted work under any circumstances that the owner sees fit. And as digital encryption technology increases in power, it will be more and more difficult for even the computer savvy to crack the technology and make fair use on their own, let alone distributing circumvention technology to others. It took two years for hackers to crack CSS, and their success was partially due to the fact that the particular DVD-ROM drive they had selected to reverse-engineer had its digital keys poorly protected.
When the next generation access control comes along, it may become incredibly difficult to break, leaving consumers with no opportunity for fair use whatsoever.[50] Through the use of encryption and other digital security measures, copyright owners will effectively be able to dictate the terms and conditions on which consumers can use works they have lawfully purchased. There is a real threat that many of the freedoms that our society has come to associate with copyrighted material, namely the ability to view it, transfer it, and share it with friends, will be removed by content owners in the future.
VII. What Can Be Done To Restrike The Copyright Balance
The balance in copyright law between the public and copyright owners has arguably shifted strongly in favor of the owners. However, there is much that can be done to move this balance back to where it should lie. This will require courts to start recognizing the potential unconstitutionality of overbroad applications of the anti-trafficking provisions of the DMCA, or an amendment by Congress to include a fair use defense.
Judicial Reform of the DMCA
It is well settled that courts should construe statutes narrowly in order to avoid constitutional difficulties. To date, however, courts have been unwilling to recognize that the overbroad application of the anti-trafficking provisions of the DMCA are potentially unconstitutional. It seems clear that the overbroad application of the anti-trafficking provisions and their effect on fair use will have a constitutional implication.
Fair use and the First Amendment are tied closely together, because of the copyright clause. The First Amendment exists to prevent Congress from restricting speech, yet that is exactly what copyright law is capable of doing in certain circumstances.[51] In order to relax this effect somewhat, fair use can be used to permit the existence of certain types of speech that would otherwise be affected by the copyright laws.[52]
Arguably then, a statute which sweeps broadly and has the effect of diminishing the potential for fair use will implicate the First Amendment to some extent. It is hoped that the U.S. Supreme Court will look closely at the issues in Corley, or similar challenges under the DMCA, and finally decide how fair use will exist as a defense under the DMCA. If the courts ultimately decide this issue to the detriment of fair use, Congressional action is the last alternative.
Congressional Action
Congress created the DMCA, and it is only appropriate that Congress should recognize the fair use issues being implicated by the anti-trafficking provisions. There is already talk in Congress about amending the DMCA. Representative Rick Boucher is an advocate for new legislation which would amend the DMCA to include several new protections designed to temper the harsh results mandated by the anti-trafficking provisions.[53]
Additionally, it would be possible to modify the overbroad language contained within the anti-trafficking sections of the DMCA, to limit their application to those cases that truly warrant it. Currently, the anti-trafficking provisions of the DMCA prevent anyone from manufacturing, importing, offering to the public, providing, or otherwise trafficking in anti-circumvention technology. The incredibly broad use of the terms "providing" and "offering to the public" create the most difficulty with regards to potential encroachments on the First Amendment.
Congress must act to remove the barriers to fair use that are codified in the DMCA, and even if the courts come around and broaden the rights of consumers to make fair use, Congress should nevertheless amend the DMCA to make it unequivocally clear that fair use is an integral part of the DMCA, and will continue to receive the protection that it has for the last 150 plus years.
VII Conclusion
Copyright law, which exists to promote the useful arts and sciences, has traditionally struck a balance between providing long-term monopoly protection to content owners, and providing public domain and fair use rights to the masses. With more and more copyrighted content being distributed in digital form, the anti-circumvention and anti-trafficking provisions of the DMCA threaten to give copyright owners unprecedented control over their works.
The DMCA is being used regularly as a tool to thwart not only legitimate
fair use rights, but also free speech as well. Congressional and
judicial action is needed to correct this imbalance in the copyright law,
before content owners stand in the position of being able to dictate the
terms on which we are permitted to use and access copyrighted material,
to the ultimate detriment of society as a whole, and in direct opposition
to the goals of copyright law.
a1 Candidate for Juris Doctor at the University of Iowa Law School, 2002. B.S.M.E. from Iowa State University in 1998. This paper was written for Cyberspace Law Seminar, Spring 2002, Professor Nicholas Johnson.
[1] 17 U.S.C. §1201 et seq. (1999).
[2] Universal Studios v. Corley, 273 F.3d 429, 440 (2nd Cir. 2001).
[3] U.S. Const. art. I, § 8, cl. 8.
[4] Id.
[5] 17 U.S.C. § 302. The copyright term for works made for hire is, more specifically, 95 years from the date of first publication, or 120 years from the date of creation, whichever is shorter.
[6] 17 U.S.C. § 106.
[7] For a discussion of the history of fair use, see Campbell v. Acuff-Rose Music, Inc., 510 U.S. 569, 575-76 (1994).
[8] Campbell, 510 U.S. at 590.
[9] Id. at 579.
[10] The fact that an infringement is wholly educational in nature is not an absolute shield from liability under the Copyright Act, any more than a wholly commercial use is always going to be an infringement. Campbell, 510 U.S. at 584.
[11] The Audio Home Recording Act of 1992 specifically makes an exception for this type of activity, however, prior to its enactment, such activity was arguably protected under fair use.
[12] Corley, 273 F.3d at 440.
[13] Encryption is, of course, not strictly limited to digital information. In fact, encryption has been around for as long as communication itself. Encryption has been used to protect information in Egyptian Heiroglyphics, Roman military communications, and German WWII Enigma messages. For the purposes of this paper, only digital content is of concern, since this is the focus of the DMCA.
[14] For a beginner's level introduction into the fascinating world of encryption, see Simon Singh, The Code Book, (Anchor Books 2001).
[15] See http://www.howstuffworks.com/encryption.htm for a basic introduction to encryption principles.
[16] MPEG stands for Motion Picture Experts Group, and is an organization which sets standards for digital audio and video content. The DVDs are designed to meet the MPEG-2 standard. See http://mpeg.telecomitalialab.com/
[17] Corley, 273 F.3d at 438 n.5.
[18] See note 18, infra.
[19] The notable exception to this trend is CD music. CDs were developed long before the arrival of the digital age, at a time when home computers were incredibly primitive, and the internet was still the tool of university researchers and the military. The original CD format therefore contains no encryption technology. There are some new CDs being manufactured that contain a very weak form of encryption, known as the Cactus Data Shield. Since these new CDs are trying to piggyback access control onto a technology that was never designed for it, there are serious compatibility issues with some types of hardware. See http://news.com.com/2100-1023-817937.html.
[20] Ryan L. Van Del Elzen, Decrypting the DMCA: Fair Use as a Defense to the Distribution of DeCSS, 77 Notre Dame L. Rev. 673, 674-75 (2002).
[21] Realnetworks, Inc. v. Streambox, Inc., 2000 WL 127311, *8 (W.D. Wash. 2000).
[22] See http://www.cnn.com/2002/TECH/industry/02/18/copyright.law.idg/index.html for a discussion of the Adobe Ebooks case and the ongoing saga of programmer Dmitry Sklyarov.
[23] 17 U.S.C. §1201(3)(b).
[24] 273 F.3d 429 (2nd Cir. 2001).
[25] At the time of the opinion in Corley, the court stated that "hundreds of websites" had posted or linked to DeCSS. Corley, 273 F.3d at 439. This number has only grown exponentially in the months since Corley was decided.
[26] Corley, 273 F.3d at 439-40.
[27] The implications of the DMCA conflicting with First Amendment rights are discussed briefly in section V of this paper briefly. Corley advances several additional unique First Amendment arguments which, while interesting, are beyond the scope of this paper.
[28] Since the analog output from a DVD player employs the Macrovision copy protection system, a user would be required to obtain special equipment in order to make a useful VCR-based copy of a DVD movie.
[29] 471 U.S. 539, 549 (1985).
[30] See note 7, supra.
[31] Incidentally, doing this on the Google search engine produces around 100,000 hits. It took me less than a minute to locate a copy of DeCSS for downloading. Fortunately, I did not actually download DeCSS and make myself amenable to being charged with violating the DMCA. One wonders though, if by writing out these instructions, I have unwittingly trafficked in a circumvention technology anyway.
[32] With digital works, access is a necessary prerequisite for any form of use. See Jeanneret, The Digital Millennium Copyright Act: Preserving the Traditional Copyright Balance, 12 Fordham I.P., Media, & Ent. L. J. 157, 175 (2001).
[33] The concept of copyright misuse is also applicable here, but not discussed since there seems to be a good deal of confusion on whether or not to recognize the existence of copyright misuse as a defense to infringement. Put generally, copyright misuse occurs when a copyright owner overreaches in obtaining a monopoly or right which is not granted by copyright law. See Lasercomb America, Inc. v. Reynolds, 911 F.2d 970, 976 (4th Cir. 1990) (recognizing copyright misuse as a defense).
[34] The so-called Copyright Industry, made up of print, music, and movies, grossed $457 Billion in 2000.
[35] See note 19, supra, at 690-91.
[36] New York Times Co. v. United States, 403 U.S. 713 (1971).
[37] http://www.cnn.com/2001/TECH/industry/08/22/copyright.law.idg/index.htm.
[38] http://www.cnn.com/2001/TECH/ptech/08/15/sdmi.presentation.idg/index.html
[39] Corley, 273 F.3d at 436.
[40] Id.
[41] The Cactus Data Shield, designed by Midbar Tech, is a form of access/copy control which is being added to some newly manufactured music CDs. By tweaking some of the locations for data storage on the CD, and using other methods, the CDS technology tries to make it impossible to play CDs on a computer using any media program except for the one provided on the CD. It also tries to make it impossible to take the WAV files located on the CD and rip them into MP3 format.
[42] http://www.techtv.com/screensavers/supergeek/story/0,24330,2391656,00.html
[43] There is much that is wrong with access and copy protection on music CDs. The Audio Home Recording Act, 17 U.S.C. §1001 et. seq., may prohibit such technology if it interferes with the ability of consumers to make private noncommercial copies of the music that they own, including the ripping of CD songs into MP3 format to be played on a portable MP3 player such as the Diamond Rio. Representative Rick Boucher has sent a letter to the RIAA regarding this issue, indicating that such CDs may run afoul of the AHRA. See http://www.techlawjournal.com/intelpro/20020104boucher.asp. Additionally, Phillips, the inventor of CD technology, has opposed the creation of CD protection systems which attempt to modify the original specification for the CD format. See http://www.newscientist.com/news/news.jsp?id=ns99991783
[44] For a brief history of the DIVX format, see http://www.the-doa.com/Pages/DoaDivxHistory.html
[45] Id.
[46] Id.
[47] John Therien, Exorcising the Specter of a "Pay-Per-Use" Society: Towards Preserving Fair Use and the Public Domain in the Digital Age, 16 Berk. Tech. L. J. 979, 984 (2001).
[48] Sony Corp. v. Universal Studios, 464 U.S. 417, 432-33 (1984).
[49] See note 32, supra, at 191.
[50] The potential for a possibly unbreakable access control system is quite real. CSS is a relatively weak encryption scheme; improvements in technology will enable stronger forms of encryption to effectively lock the data on the DVD itself. In the future, it would be possible to encrypt each DVD disk with a unique key, unlike CSS which encrypts the data on every DVD with essentially the same key. With this system, as you load a DVD into the player, the player sends a request to a central server for the proper key, along with the serial number of the DVD. The central server checks the identity of the DVD player and associates the DVD serial number with that specific player, allowing the central server to potentially track illegal bit-for-bit copies of that same DVD. Once the central server has verified that the player is authorized, it will send the decoding key to the player. A system like this, while not directly preventing bit-for-bit copies of DVDs being made, could essentially prevent the existence of anything like DeCSS.
[51] See note 47, supra, at 997-98.
[52] Id.
[53] http://news.com.com/2010-1078-825335.html
</x-html>
Junk E-mail and the Dormant Commerce Clause: Constitutional Limits on State Power to Regulate Spam
Brian A. Tufteea1
Cyberspace Law Seminar, Spring 2002 Semester
TABLE OF CONTENTS
TABLE OF CONTENTS
I.Introduction
II.Junk E-mail in our Lives
Regulating Junk E-mail
The Current Statutory Framework
III.The Dormant Commerce Clause Generally
The Legal Test for the DCC
IV.The History of DCC Challenges to State Regulation
of the Internet
ACLU v. Pataki
ACLU v. Johnson
Hatch v. Superior Court
V.State Junk E-mail Statutes Challenged Under the DCC
Washington v. Heckel
Ferguson v. Friendfinders, Inc
VI.Analysis for a Model State Act
Truthfulness
Opt out provisions
Subject line requirements
Protection of Third Party Internet Domains
Intrastate jurisdiction
Affirmative defense
Enforcement
Penalties
First Amendment Issues
VII.Conclusion
Appendix: Model Act for Regulation of Unsolicited Commercial
E-mail
I. Introduction
This paper will explore the myriad problems that unsolicited bulk or junk e-mail presents to our interconnected world. Specifically, this paper addresses the problem that state regulation of junk e-mail may violate the Dormant Commerce Clause of the U.S. Constitution, and proposes a model act for the regulation of junk e-mail. It will be shown that with proper drafting, a state law can still effectively regulate intrastate junk e-mail, yet remain constitutional. It is ultimately hoped, however, that Congress will take affirmative action and pass legislation to regulate junk e-mail on a national level, thereby addressing the issues properly, avoiding the problems of inconsistent state regulation.
II. Junk E-mail in our lives
The internet is a worldwide phenomenon that touches the lives of nearly everyone in the United States. Over 50% of Americans[1] had direct access to the World Wide Web ("WWW") or the internet in some capacity in 2001.[2] In addition to this, it is estimated that over 42% of Americans used e-mail services on the internet.[3]
As anyone with an e-mail address knows, it is more often than not that the message waiting for you in your inbox is not a note from a friend, but instead is an unwanted advertisement. Junk e-mail, or spam as it is more colloquially called, is an ever present part of life on the internet. Like the junk mail that we still continue to receive in our old-fashioned mailboxes daily, spam is the creation of clever marketers who recognized the near-zero cost of sending e-mail over the internet, and took advantage of it to the extreme. On any given day, between 10% and 30% of all of the e-mail messages delivered in the United States are some form of unsolicited junk e-mail.[4] Even with a conservative estimate, this translates into some 80 trillion unwanted pieces of junk e-mail each year.[5] By contrast, the entire United States Post Office handles a paltry 207 billion pieces of mail per year, just 0.25% of the annual volume of junk e-mail.[6]
Regulating Junk E-mail
The problems presented by junk e-mail are different than those presented by conventional junk mail or telemarketing. First, and foremost, junk e-mail is largely untraceable, since it is relatively easy for a sender to modify the "From:" header on the junk e-mail message and forge a false return address.[7] Still, there are ways to trace e-mail to its sender, which is important for the enforcement of any law that would attempt to regulate junk e-mail. Second, as noted before, junk e-mail is incredibly inexpensive for the sender, enabling the creative marketer to send hundreds of thousands or even millions of e-mails per day. This low cost of sending bulk junk e-mail messages gives senders no incentive to use resources in an efficient manner.[8] Third, the content of junk e-mail is often times either inappropriately obscene, or it advertises fraudulent or illegal products and services. A random sample of 200,000 junk e-mail messages by the FTC revealed that 30% of the messages were pornographic in nature, and another 30% were get rich quick schemes.[9] This is in contrast with much of telemarketing and mass mailing, which generally offer legitimate, if unwanted, solicitations to the consumer. Fourth, junk e-mail can contain viruses or worms that can infect and damage a recipient's computer.[10]
The final and most obvious difference between junk e-mail and conventional mass mailing or telemarketing is that there is at least some regulatory framework in place which is designed to protect consumers and regulate the business activities of advertisers. The Federal Trade Commission ("FTC") is charged with the regulation of telemarketers and mass mailers, and offers a variety of services to protect the consumer.[11]
Unfortunately, the FTC has little to offer in the way of protection for recipients of unwanted junk e-mail messages. Consumers are able to file complaints with the FTC, and are encouraged to send in copies of junk e-mails as well.[12] There is, however, no easy way for the FTC to pursue mass marketers of junk e-mail, largely for the reason that junk e-mail messages are hard to track. Spam e-mails generally do not contain much in the way of information identifying the sender, often omitting a reply e-mail address, phone number, or business address.[13] This seriously limits the ability of the FTC to regulate junk e-mailers in the same way that it can regulate telemarketers or mass-mailers.
The Current Statutory Framework
One of the most glaring gaps in consumer protection is that Congress has created no federal legislation which directly speaks to the problems associated with junk e-mail. While the FTC does have broad powers to ban unfair or deceptive trade practices, and has the power to define specific trade practice rules for particular industries,[14] it does not have the power to create a uniform, national system for the regulation of junk e-mail. Since 1999, the 106th[15] and 107th[16] sessions of Congress have proposed numerous bills attempting to deal with the problem of unsolicited junk e-mail. Of these bills only the Unsolicited Electronic Mail Act of 2000[17] made it through one house of Congress. As of yet, no bill has successfully passed both houses and become law, leaving a gap at the national level.
The states have decided to take the initiative that Congress has been unable to, and have passed anti-spam legislation of their own. Currently, twenty states have some form of restriction or regulation placed on the sending of junk e-mail.[18] Delaware's anti-spam law is probably the most restrictive of all states, prohibiting the sending of unsolicited bulk commercial e-mail,[19] the sending of bulk e-mail with falsified routing information,[20] or the distribution of software designed to falsify routing information.[21] Other states have taken less restrictive steps, generally requiring the sender to provide contact information and a method for opting out of future unsolicited e-mails, akin to a no-call list that a telemarketer would maintain.[22]
These laws attempt to do what Congress seems incapable of doing, and the end result is a patchwork of state laws which are inconsistent and potentially unconstitutional. When applied to the internet, which is rapidly becoming a national market for goods and services, this patchwork of state legislation is susceptible to a serious challenge under the Dormant Commerce Clause.
III. The Dormant Commerce Clause Generally
The Dormant Commerce Clause ("DCC") is a judicially created doctrine that arises from the negative implication of Congress' commerce clause power to regulate commerce between the states. [23] The development of this doctrine can be traced back to early cases dealing with protectionist state legislation, in which the courts sought to remove discriminatory state laws which hampered interstate trade.[24]
There are two main rationales behind the existence of the DCC.[25] Previously, under the Articles of Confederation, there was no explicit power to regulate trade among the states. As a result, there existed a patchwork of uneven tariffs, regulations, and restrictions that generally hampered the ability of the states to engage in commerce with each other.[26] The existence of the commerce clause was a result of the recognition that national control and management is the optimum way to deal with the problems presented by interstate trade.[27] As a result, courts have interpreted this power as providing a bar to state actions which would also have the effect of regulating commerce. Congress alone should have the power to control trade between the states.
The second rationale for the DCC is that when Congress has failed to act in a particular area, there may be reasons why. Congress may have decided, through silence, that a particular aspect of interstate commerce should be left alone. Courts are then reluctant to let states enter the fray, when Congress itself has not chosen to do so.
The Legal Test for the DCC
Violations of the Dormant Commerce Clause generally fall into three broad categories. First, there are state laws which plainly and facially discriminate against out-of-state interests, to benefit local ones. These laws have included an exemption from liquor taxes for a locally produced liqueur,[28] and a law requiring milk sold within the state to be processed at a central location within the state.[29] These laws are practically always struck down as a violation of the DCC, and the strictest scrutiny is applied in such cases.[30]
Second, there are state laws which are facially neutral, but have a discriminatory effect when applied. These laws have included a requirement that apples sold in a particular state not be marked with state-defined grades, but only the U.S.D.A. grades,[31] and a limit on the price that could be charged for milk within the state, even if it had been purchased out-of-state at a lower price.[32] In cases such as these, the courts are especially careful to look for a protectionist purpose behind the statute. Evidence of a protectionist motive, even if the law itself is facially neutral, will typically invalidate these types of laws.
Finally, there are those laws which treat local and out-of-state interests equally, yet still impose a burden on the flow of interstate commerce. For these types of laws, the courts employ a balancing test, which comes from Pike v. Bruce Church, Inc.[33] The Pike balancing approach looks to the impact of the law or regulation on interstate commerce, and weighs it against the local state interest that is being served by the statute. The test is generally expressed as follows: "Where the statute regulates even-handedly to effectuate a legitimate local public interest, and its effects on interstate commerce are only incidental, it will be upheld unless the burden imposed on such commerce is clearly excessive in relation to the putative local benefits."[34]
Since the types of laws which currently exist to regulate junk e-mail will all most likely fall into the third category, further exploration of this subset is warranted. As noted above, there must be a balance between the state interest and the burden on interstate commerce. This presupposes that there is in fact a legitimate state interest present.[35] safety,[36] or welfare[37] of the state. The state cannot, however, have a legitimate interest in promoting the interests of its own citizens to the detriment of those from other states, as this goes to the heart of what the DCC was designed to avoid.
On the other side, the court must weight the burden to be placed on interstate commerce. This includes an examination of the market effect of the law or regulation, which includes things such as increased costs of doing business,[38] limitations on activities in markets other than the state in question,[39] barriers to entering a new market within the state,[40] and the level of inefficiency that results from complying with a patchwork of conflicting state laws.[41]
The inherent nature of a balancing test is that there will be no bright line for distinguishing one case from another. Generally, the state interest must be important, and the burden on interstate commerce must be small in comparison to the state interest. Thus, a critical state interest, such as protecting the health of citizens, will be able to place a greater burden on interstate commerce than a less important state interest, such as saving money.
Additionally, there is a category of DCC analysis which does not fit easily into the categories described above. This is the extraterritoriality principle, and it operates to invalidate state laws which have the effect of regulating conduct occurring wholly outside the state.[42] This amounts to an exportation of commercial policies by one state into another, and is per se invalid under the DCC. An extraterritoriality argument can be made for practically any of the three categories of state legislation described above, and will require a specific factual inquire to determine if there are any direct or incidental effects of the challenged state law which operate entirely outside of the bounds of the state.
IV. The History of DCC Challenges to State Regulation of the Internet
ACLU v. Pataki
The landmark case dealing with state regulation of the internet is ACLU v. Pataki.[43] Pataki was decided in the relative infancy of the internet, when states were just beginning to recognize the magnitude of impact that the internet would have on society. Pataki involved a law which made it a crime to engage in communications with a minor which depicts or describes obscene conduct.[44] The law was challenged on several grounds, including the First Amendment and the DCC. The court devoted essentially its entire opinion to the DCC argument, and thus Pataki became the first major court decision anywhere applying the DCC to a state law regulating the internet.
The Extraterritoriality Analysis
The defendants in Pataki argued unsuccessfully that the law in question regulated intrastate conduct alone.[45] This argument carried little weight when one looked to the literal text of the statute, which placed no limits on the location of the communications in question, simply provided that New York can exercise criminal jurisdiction over the putative defendant. The nature of the internet, which is basically insensitive to geographical boundaries, guarantees that the statute as worded would be applied to communications which occurred outside of New York. Web pages which are placed on a server in California can be viewed by individuals from practically every country in the world, including minors located in New York. The statute therefore subjected an individual webmaster, who had never set foot out of the state of California, to the risk of being charged in New York, simply because a minor had accessed the webmaster's site which included adult-oriented themes. In this regard, the law clearly reached beyond the state of New York and made potential criminals of individuals located all over the country.
As a backup, the defendants in Pataki argued that internet communications are not "commerce" within the meaning of the Constitution, and therefore the DCC should not apply to their regulation.[46] This argument carries no weight either, since the U.S. Supreme Court has given "commerce" an exceedingly broad definition. Activities which are conducted without a profit motive, which includes much of the communication on the internet, can still be considered "commerce" for DCC purposes.[47] Additionally, the level of commerce which takes place over the internet was substantial even in 1997, let alone today. For these reasons, the argument that the internet does not involve "commerce" is a futile one.
As noted earlier, extraterritorial regulation of commerce is generally per se invalid under the DCC. The court in Pataki cited several U.S. Supreme Court decisions, including Baldwin v. G.A.F. Seelig, Inc., Edgar v. MITE, and Healy v. Beer Institute, all for the proposition that extraterritorial regulation of commerce is per se invalid.[48] The critical inquiry is whether or not the practical effect of the challenged law or regulation is to control commerce occurring wholly outside the bounds of the states. The law in Pataki has this effect as well. A person in California will be prohibited or discouraged (at least theoretically) from putting up an adult-oriented website on a California server, fearful that a New York minor may gain access to that website. Thus, conduct which occurs wholly within the geographical confines of California may be regulated by the New York law. For this reason, the law in Pataki cannot stand.
The Pike Balancing Test
Pataki did not just rest on the extraterritorial regulation of commerce to invalidate the law in question. An alternative examined by the court was the Pike balancing test, discussed above.[49] For this analysis, the court first determined the local interest that New York was seeking to protect. Then, the court determined the burden that the law would have on interstate commerce. Finally, the court weighed these two facts under Pike.
The local interest that New York was seeking to serve was the protection of minors from obscene communications. The defendants supplied the court with a great deal of evidence concerning the proliferation of adult content on the internet, and most disturbingly, the increasing presence of pedophiles and sex offenders online, who use the internet to converse with and seek out potential victims. This is clearly an important state interest, yet the court notes that the actual benefit to New York is fleeting at best.
First, the law would only target communications which originate in the U.S., thereby exempting any obscene or harmful contact originating from foreign jurisdictions. Second, there are real questions about New York's ability to exert criminal jurisdiction over potential defendants who have no contact with New York, other than the fact that a minor in New York received obscene communications from the potential defendant. The court notes the improbability that bounty hunters from New York will travel across the other 49 states, dragging pedophiles into New York for trial.[50] The practical reality is that the challenged statute will have little effect on the protection of minors in New York.[51] The court further notes the existence of laws which already criminalize obscenity and child pornography, and finds that the challenged law in Pataki will have little if any real impact on local interests.
Weighed against the local impact is the burden placed on interstate commerce by the challenged act or regulation. In this case, there was a marginal local benefit, balanced against a nationwide burden on content providers. It was clear which way the scales would tip in such a situation, and therefore the statute in Pataki failed the Pike balancing test.
ACLU v. Johnson
The state of New Mexico attempted to pass essentially the same statute that was at issue in Pataki, prohibiting indecent communications with a minor over the internet. Not surprisingly, the ACLU mounted a challenge to this statute as well.[52] Since the Tenth Circuit agreed substantially with the court in Pataki, this case only serves to reinforce the problems with state regulation of the internet.Pike balancing test was used to arrive at substantially the same outcome.
Hatch v. Superior Court
Another crucial case interpreting state laws in relation to the internet was Hatch v. California.[53] In Hatch, the state of California was using a law that made it a crime to send specifically defined (hardcore, obscene) material over the internet to a minor for the purposes of seduction.[54] Hatch was nabbed in a sting operation conducted by a television network which sought to expose the seedy underside of the internet. The network hired young women to pose as teenagers on the internet, acting as bait for pedophiles and sex offenders. Hatch took the bait, and engaged in a wide variety of sexually related conversations, sending images, and proposing and hinting at wanting to have sex with the women he believed to be minors. After collecting a good deal of evidence, the police were notified, and Hatch was arrested, charged, and convicted.
In his challenge to his conviction, Hatch argued that the California law was unconstitutional because it violated the DCC. Specifically, he turned to Pataki and argued for its broad application to the California statute. There are several reasons for why Pataki was inapplicable here. The most important element of the California statute that was missing in the statute in Pataki was the explicit intent requirement. Unlike Pataki, in order to run afoul of the statute in Hatch one was required to have a specific intent to communicate with a specific minor, with the purpose of seduction. This distinction is critical, because it goes straight to the heart of DCC analysis.
Because the statute in Hatch required this specific, intentional communication, the extraterritorial reasoning of Pataki was inapplicable. Hatch could not argue that the California law was regulating commerce occurring wholly outside the bounds of California, since the law required that the communication be taking place intentionally between the defendant and the minor.[55] This is clearly distinguishable from Pataki, since it would be possible for a person to be prosecuted under the New York statute simply by placing content on a website, with no knowledge of who was accessing it. Since the California law had no extraterritorial effects, the first line of reasoning from Pataki fails.
There still remained the Pike balancing test, since the California statute in question did have some effect on interstate commerce.[56] In weighing the state interest and the burden to interstate commerce, the court in Hatch found no question about the propriety of the statute under the DCC.Pataki, namely the protection of minors. However, the California law was more narrowly tailored, to reach specific acts of obscene communication that were made with the intention of seducing minors. Therefore, in order for one to fall within the purview of the California statute, one must be engaging in some very reprehensible behavior.
The burden to interstate commerce is exceedingly light, if one considers what the California statute was banning. It was prohibiting communications with a minor, intentionally conducted for the purpose of seducing the minor. There is quite clearly no value to be placed upon such forms of communication, and therefore a law which interfered with the ability of persons to make such communications would have no legitimate impact on interstate commerce at all.[57] The court noted that just because Hatch used the internet to communicate with his intended victims should not serve to provide him with a shield against criminal liability.
In all actuality, there was no burden placed on interstate commerce at all by the California act. The types of communications which were prohibited by the act were clearly not a legitimate form of commerce at all, and deserved no protection under the DCC. With no burden to balance against, the state interest need only be insignificantly slight in order to survive under the Pike balancing test.[58]
The common thread to note throughout all three of these cases is the fact that if a statute is to survive a DCC challenge, it must be worded carefully to avoid two things: regulation of wholly out-of-state commerce (the extraterritoriality problem), and an excessive burden on interstate commerce (the Pike test). This is the heart of the DCC challenge, and as will be seen below, the key to saving a junk e-mail statute from the axe of the DCC.
V. State Junk E-mail Statutes Challenged Under the DCC
To date there have been just two decisions which challenged state anti-spam laws under the DCC, in California and Washington state. The laws had somewhat different effects on junk e-mail, and can form the basis for a model act dealing with the problems of junk e-mail.
Washington v. Heckel
Heckel was the first final decision in the nation (June, 2001) which challenged a state law dealing with junk e-mail.[59] The Washington statute[60] applied to all commercial e-mails sent from a computer in Washington to an e-mail address held by a Washington resident, and prohibited three things: First, it made it illegal to use another's domain name in the message without their permission.[61] Second, it made it illegal to misrepresent or obscure any information identifying the point of origin or transmission path of the message. Third, it prohibited false or misleading information in the subject line of the message. Additionally, it stated that for the purposes of the statute, an e-mail sender has knowledge that his intended recipient is a Washington resident if that information is available from the internet domain which is providing the e-mail address for the recipient.[62]
When Heckel was charged with three violations of the statute, in that he used misleading subject lines, misrepresented the transmission paths of his messages, and effectively did not provide a valid return e-mail address for his messages.[63] The trial court found that the statute violated the DCC, and the state sought an appeal.
The issues in Heckel are substantially the same three arguments that were found in Pataki and Hatch. First, the act unfairly burdens interstate commerce, under the Pike balancing test. Second, the act regulates extraterritorial commerce, which is per se a violation of the DCC. Finally, the act subjects the internet to inconsistent regulations, which is unacceptable for a nationally vital system such as the internet. The court addressed and dismissed each of these arguments in turn.
Starting from the third argument and working back, the court held that the act does not subject the internet to inconsistent regulation.untruthfulness as a matter of law, for obvious reasons. Since there is no danger that e-mail senders will have to comply with a patchwork of state laws, but instead must only adhere to the general standard of truthfulness, the act does not create a patchwork regulation system.[64]
With regards to the extraterritoriality argument, it seems clear that there is no attempt by the statute to regulate out-of-state commerce, nor does the statute have any incidental effects which could influence wholly extraterritorial commerce.[65] The statute only applies when a message is sent from a computer in Washington to a Washington resident, with at least constructive knowledge that the recipient is a Washington resident. Messages which are sent from an Iowa computer to a Washington resident, or messages sent from a Washington computer to an Iowa resident are not included within the purview of the statute. Most importantly, messages exchanged between wholly out-of-state individuals are not brought within the scope of the statute.
The extraterritoriality analysis is not quite as simple as that, for even if the statute does not directly apply to extraterritorial conduct, it may nevertheless have an indirect effect on commerce occurring wholly within other states. In this case, however, there is no incidental effect on extraterritorial commerce, as there was in Pataki. The crucial distinction here is that Pataki applied to any form of internet activity, including websites which could be seen by internet users everywhere, thereby exposing an out-of-state resident to criminal liability when viewed by any New York minor. This crucial distinction forecloses any extraterritorial issues that were present in Pataki.
Finally, the Pike balancing test shows that the burden on interstate commerce is exceedingly light, if present at all, and the state interest is strong. There are three groups of people that are protected by the Washington statute: the actual recipients of the e-mails, internet domains which are used without permission in the message, and the ISPs who must bear the extra costs of dealing with the volume of spam e-mail sent to their users.[66] Of course it is not simply enough to look at the potential state interests in the abstract; the actual or probable benefits of the statute must be examined to determine the true local benefit.
The court believed that the truthfulness requirement of the act would in fact have real benefits.[67] E-mail recipients could immediately delete e-mails just based on the subject heading if the messages were truly and accurately identified as commercial solicitations. Also, the requirement of accurate headers and transmission paths would give recipients an easy way to track down return e-mail addresses of those sending the e-mail.
Weighed against these local benefits is the potential burden to interstate commerce. However, the court notes that the only burden here is the requirement of truthfulness, which is in fact not a burden at all.[68] In fact, the burden comes when would-be spammers decide to violate the law, by selectively omitting Washington residents from their junk mailings. The cost of truth in advertising is negligible, and in fact should not properly be a factor in the analysis. Spammers can hardly complain that their costs have gone up because they must now be truthful in sending their messages, and that they can no longer send out fraudulent offers. It is certainly hoped that no court in the nation would consider it a burden for advertisers to be truthful. Since there is no real burden on interstate commerce, and because the local benefits are real and important, the Pike balancing test will not find a violation of the DCC.
Ferguson v. Friendfinders, Inc.
California has a much more detailed law dealing with the regulation of junk e-mail, which was invoked by an individual besieged by junk e-mail in this case.[69] The California law, like the Washington law, only applies to e-mail from between California individuals or businesses to California residents. The law[70] requires several affirmative acts on the part of the sender. First, the sender must include either a toll-free phone number or a valid return e-mail address to enable the recipient to opt out of future advertisements, and indicate that option within the message. Second, senders must include, as the first characters of the subject line, either "ADV:" or "ADV:ADLT" to notify the recipient that the message is an advertisement. Third, the sender cannot send future advertisements to any individual who has decided to opt out of such advertisements.
The line of attack in Friendfinders begins customarily with an extraterritorial analysis. This analysis leads to the same result in Heckel, because the statute is narrowly worded to apply to conduct only occurring within the state of California. The mere fact that it may be difficult to ascertain which recipients are located within the state of California does not suddenly change the focus of the law from intrastate conduct to out-of-state conduct.[71] An aspect of the extraterritoriality analysis seems to be missing from the court's opinion in Friendfinders, however, since the court does not address the potential for incidental effects on wholly out-of-state commerce. This will be addressed fully at a later point in this paper.
Also, the court does not find that the California law violates the DCC under the Pike balancing test. The local benefits that are realized under the statute are similar to those outline above in Heckel, namely the protection of e-mail recipients and ISPs.[72] The California law also has the benefit of allowing recipients to opt out of future e-mails, something not permitted by the Washington statute.
Against these local benefits the court quickly dismisses any real burden to interstate commerce. First, truthfulness is not a burden, in fact it is a highly desirable benefit to "impose" on commerce, since it helps to eliminate fraud and confusion among the recipients of junk e-mail.[73] Second, the costs of including extra characters in the subject line to identify the message as an advertisement is miniscule. Finally, the court, in a rather conclusory fashion, dismisses any burden imposed by providing opt-out mechanisms.[74]
VI. Analysis for a Model State Act
A model state act which proposes to deal with the problems associated with junk e-mail must first analyze the problems presented by junk e-mail, and how they implicate legitimate state interests. The first problem with junk e-mail is that it can expose the residents of the state to fraudulent and misleading advertising. This is not, however, the biggest problem with junk e-mail, since all states have laws dealing with unfair or deceptive trade practices (in addition to the powers possessed by the FTC). Instead, the greatest problem with junk e-mail is the sheer number of messages being transmitted, and the lack of any uniform system for opting out of future messages.
Since the goal of this paper is to propose a model state act for dealing with junk e-mail, it would be wise to analyze each specific provision of the California and Washington laws and look at their constitutionality under the DCC.
Truthfulness
This component of anti-spam laws will have the least impact on interstate commerce. Truthfulness includes not only the content of the message itself, but also restricts the falsification of message headers or return e-mail addresses. As indicated above, it is a futile argument to claim that requiring truthfulness will place any legitimate burden on interstate commerce. Any law which attempts to deal with junk e-mail can and should include this provision, as did both the California and Washington laws.
Opt out provisions
While the Washington law does not contain this provision, the California law does. Any statute which attempts to deal with spam must provide some method of enabling the recipient to affirmatively decline future messages. While it would be nice to have a statewide or even nationwide database containing a list of e-mail addresses that could not be contacted, such a database would be an expensive undertaking. Placing the burden on individual spammers to maintain their own no-contact lists is an attractive solution to the problem. Since spammers essentially get free postage, unlike those advertisers who use the regular mail, it seems more than reasonable to force spammers to share some of the burden in maintaining a no-contact list.
This provision is still the most troubling for a state law, since it does place a real and meaningful burden on those who would send e-mail in interstate commerce. It should be remembered that the Pike balancing test is generally unconcerned with whether not the law is regulating wholly intrastate conduct, but instead is concerned with whether or not the law has any effect on interstate commerce as a whole. Since one cannot reasonably argue that sending e-mail on the internet does not affect interstate commerce, tailoring the jurisdiction of the statute to reach only intrastate conduct will not save the statute under a Pike analysis.
In this case, it may be a close balance between burdening interstate commerce, and benefiting local interests. Still, the one state court which has done the analysis has found that the scales tip in favor of sustaining the statute. Because of the great value in allowing individuals to opt out of future junk e-mail, this provision should be made a part of the model act. Should a state or federal court later decide that this provision creates an excessive burden on interstate commerce, its removal can be made at a later date without too much damage to the statute.
Subject Line Requirements
While the Washington law only requires that the subject line not be misleading or false, the California law requires that the subject line specifically indicate that the message is an advertisement. The burden in imposing such a requirement is vanishingly small, since there are no pre-printed advertising materials for the spammer to throw away and reprint. Since spammers send identical messages to their recipients, it is no real burden (both time and money) to require a slight modification to a small part of the message. The software programs that spammers use are highly automated, and could easily accommodate this change.
The benefits by adding such a requirement are immense. Also, mail filtering software can be used to prevent any such messages from ever being received by the addressee. Many e-mail providers attempt to do some degree of junk e-mail screening, but the effectiveness of this approach is severely constrained by the sheer variability in junk e-mail content. A subject line requirement will go a great distance towards lessening the junk e-mail problem.[75]
The subject line requirement can also be used to identify the message as being adult in nature. This provides a further benefit to society, since adult-oriented e-mails can be screened by filtering software. Furthermore, it provides a degree of differentiation, so that users can perhaps opt to delete every adult oriented e-mail, but may choose to read some of the non-adult messages.[76] Anything more specific regarding the subject line is left up to the sender, provided that it comports with general truthfulness requirements.
The biggest problem with subject line requirements is that they have the potential for creating a patchwork of inconsistent state regulations. This is one of the evils that the DCC exists to prevent, and this is why a model state act is so desperately needed. For example, the California law requires an adult-oriented advertisement to contain "ADV:ADLT" as the start of the subject line. In Pennsylvania, the requirement instead is for "ADV:ADULT".[77] It would be impossible to comply with both of these requirements at once. When one considers that spammers send their messages to randomly compiled lists of e-mail addresses, and that when sending thousands of messages out at once, it is likely that the same message will be sent to a California resident and a Pennsylvania resident, thereby creating noncompliance in at least one jurisdiction.
The only potential to save this system is to have the statutes apply only to wholly intrastate conduct, as with the California statute. This shows the great importance of confining the statute to intrastate conduct alone, and shows why a statute without such a provision would most likely be invalid under the DCC. Since it is believed that such a jurisdictional limitation makes subject line requirements permissible, they will be included in the model act.
Protection of Third Party Internet Domains
This is something that the Washington statute includes, but the California one lacks. It prevents a spammer from using a third party domain name without the permission of the domain owner. This statute is of somewhat dubious legitimacy, since federal trademark and unfair competition law already exist to serve this purpose. A state law which purported to extend this protection beyond federal limits may find itself preempted. The Washington statute makes it illegal to use a domain name without permission, regardless of the context that it is used in, and without regard for the presence or lack of a fraudulent intent. Since federal trademark law is not so restrictive as this, and could in many cases allow a domain name to be included in a message for perfectly legitimate reasons, the Washington law is probably overreaching.
Since this part of the Washington law will in fact be of little benefit (since there is already a general truthfulness requirement and states have other laws dealing with fraud), and since it is possibly ripe for a legal challenge under the Supremacy Clause, it is not an essential part of a model state act dealing with junk e-mail, and will be omitted from the proposed act.
Intrastate jurisdiction
This is, without a doubt, the most crucial provision of any state law that would ever attempt to regulate the internet. A carefully drafted jurisdictional clause will protect the statute from an extraterritoriality attack under the DCC; a poorly drafted one will invalidate the statute. The DCC is especially sensitive of a state law which looks like it is affecting wholly out-of-state conduct, and employs a per se rule of invalidity for such cases. The jurisdiction of the model act should be tailored to apply only to intrastate conduct. As such, it should only apply when the sender uses a computer within the state to send the e-mail to a recipient who lives in the state.
This drafting removes any realistic extraterritorial effects, whether directly imposed by the statute or resulting incidentally from it. The only spammers who will even worry about the law are those who already live in the state that passes this model act; an out-of-state spammer can send messages into the state without fear of liability. Therefore, there is no effect on conduct which occurs outside of the state.
On an additional note, the intrastate restriction contained in the model act serves a useful purpose as well, by avoiding tricky questions of personal jurisdiction. If a resident of Maine were to send an junk e-mail to a resident of California, and assuming that the only contact that the sender has with California is sending e-mail, are there sufficient minimum contacts to justify personal jurisdiction in the California courts? The answer to that question is probably no.[78] Also, would there be a state long-arm statute which covered the situation? By confining jurisdiction of this model act to wholly intrastate conduct, these questions are avoided, and administration of the act is simplified.
Affirmative defense
Additionally, I propose the creation of a new provision in the model act, namely an affirmative defense. The biggest complaint that can be had of an anti-spam statute such as this is that it is difficult, if not impossible, to know the state of residence of each and every message recipient. As a practical reality, therefore, anyone sending spam from a state with the model act in place will tailor his messages to comply with the relevant state statute, even if some or most of the recipients are in fact not residents of his same state.
While it is likely that any state law which attempted to regulate spam sent from an out-of-state computer to a resident in the state would be invalid under the DCC, such laws do in fact exist.[79] In order to protect those who send junk e-mail with a good faith effort to comply with the laws of the recipient's state, I believe that an affirmative defense should be available. The defense would permit a spammer to escape liability under the act, if the spammer could prove with clear and convincing evidence that the spammer had a good faith belief that the recipient was located in a certain state, and that the e-mail which was sent to that recipient complied with the laws of that state. In the event that the spammer could show such evidence, the purposes of the act would generally not be served by imposing liability on a spammer who went to such great lengths to ensure compliance with the law.[80]
Enforcement
No law would be complete without a mechanism for enforcement. The model act contains enforcement provisions which are similar to those employed in state anti-spam statutes. The model act does not contain a provision for criminal penalties; the only sanctions in the model act are civil fines. This was done for several reasons. First, by providing civil penalties, parties other than the state can sue spammers in court. The model act makes it possible for either individual recipients or their ISPs to sue spammers, not just the state attorney general. Also, while spam may be annoying, it does not generally rise to the level at which criminal sanctions are appropriate. States already have laws which deal with fraudulent offers and scams, and those junk e-mails which cross the line into outright fraud can be dealt with other states laws which may criminalize such conduct.
It is predicted that individual e-mail recipients will rarely receive enough e-mails from a single spammer to make a lawsuit worthwhile. This is where ISPs can step in and take over. With the consent of the e-mail recipient, the ISP that provided the mail hosting services for the spam victim can sue the spammer directly. Since ISPs handle gigantic amounts of e-mail daily, there will be ample reasons for ISPs to sue spammers that clog their systems. Additionally, the model act expressly makes it possible for ISPs to contractually obligate their customers to provide consent to sue spammers. By providing consent beforehand, ISPs will find it much easier to coordinate lawsuits against flagrant spammers in an effort to force compliance with the act.
Penalties
This section of the model act is generally left open for the state to decide what it believes the proper penalties should be. The model act provides for a set fine per e-mail sent, with a maximum cap of $10,000. States may choose to increase or decrease the fine amounts, or to provide more graduated levels of increasing fines. A possible alternative method would be to impose a fine of $100 per message for the first 100 messages, then $50 per message for the next 100 and so on. This would still give the model act the power it needs to force spammers to comply, and would base the fine on the number of messages sent, yet it would not impose a draconian fine overall.
First Amendment Issues
Since this is a paper dealing with the problems posed by the DCC, an in-depth treatment of First Amendment issues is not appropriate. Still, since it is hoped that the model act proposed by this paper will be fully constitutional, a brief discussion of First Amendment law on the issue of commercial speech is appropriate.
Under First Amendment principles, content-based restrictions on speech are expressly forbidden, however, reasonable time, place, and manner restrictions are appropriate if they are content-neutral, and serve important government interests. The laws which currently regulate telemarketing and mass mailing can be analogized to the proposed model act, and it is believed that the restrictions imposed by the model act are constitutional.
Commercial speech has been recognized by the U.S. Supreme Court to be deserving of protection under the First Amendment, commensurate with its position in relation to other constitutionally guaranteed expression.[81] In Central Hudson Gas & Elec. Corp. v. Public Service Commission of New York,[82] the Supreme Court outlined a four part test for determining the validity of a restriction on commercial speech under the First Amendment.
First, the underlying speech must be protected under the First Amendment generally. This means that the speech is legal and not misleading or fraudulent. Second, there must be a substantial government interest. Third, the legislation must directly advance the government interest, and fourth, the legislation must be no more extensive than necessary to serve that interest.
Under the first prong of the test, it is conceded that there is a good deal of unsolicited commercial e-mail which is not misleading, illegal, or fraudulent, and therefore is deserving of First Amendment protection. The second prong of the Central Hudson test is most likely met in this case, since, as with FTC regulations of telemarketing and mass-mailing, there is a substantial government interest in protecting consumers from the huge volume of junk e-mail, the annoyance it causes, and the strain it places on communication infrastructure.[83]
The third prong of the test requires that the proposed restrictions on junk e-mail directly advance the government interests which are present. The government must carry the burden in showing that the proposed law will alleviate the harm it seeks to redress to a material degree.[84] The fourth prong requires that the government means employed be narrowly tailored to achieve the desired objective, and is not as high a standard as the "least restrictive means test".[85]
In this case, the third prong is satisfied by the proposed model act. The harms which are presented by junk e-mail will directly be addressed by the restrictions of the act. Consumers will be able to relieve the burden of being deluged with countless junk e-mails by opting out of future mailings. Consumers will also be able to quickly determine which messages in their inbox are junk and which are not. Mail screening programs will also be able to assist the consumer, as a direct result of the subject line labeling requirements.
The fourth prong requires that the means be narrowly tailored, in this
case, that the restrictions imposed on junk e-mail be closely related to
the harm, and that the restrictions do not overreach and unfairly restrict
the protected speech. In this case, there is not a wholesale ban
on junk e-mail. Advertisers are not prohibited from making at least
one sales pitch to each consumer. Other than minimal labeling requirements,
there are no restrictions on the content of the message (provided that
it is otherwise truthful and not deceptive or fraudulent).
The restrictions on commercial speech in the form of junk e-mail are no
more restrictive than those rules imposed by the FTC on telemarketers or
mass print mailers. Advertisers are not unreasonably blocked in their
attempts to reach consumers, and there are real benefits from such regulation.
The restrictions imposed by the model act are believed to be fully in compliance
with First Amendment jurisprudence.
Conclusion
The widespread prevalence of junk e-mail in our society has placed real burdens on e-mail users and ISPs. While junk e-mail does often contain legitimate advertising, there is nonetheless a need to regulate it to serve the best interests of society. By enforcing reasonable requirements for truthfulness, forcing junk e-mailers to label their messages clearly, and providing consumers with the ability to opt out of future advertisements, the model act proposed by this paper complies with the restrictions imposed by the Dormant Commerce Clause. The model act does not regulate wholly out-of-state conduct, and does not place unreasonable burdens on the flow of interstate commerce.
While it is hoped that states will make use of such legislation to assist in creating a uniform of national legislation which is constitutional, it is hoped that Congress will step up and finally enact legislation to regulate junk e-mail, and deal with the problems it poses on a national level.
Appendix
An Act For The Regulation of Unsolicited Commercial E-mail
Preamble:
The purpose and intent of the legislature in adopting this law is to deal with the complex and unique issues associated with Unsolicited Commercial E-mail on the internet, by placing fair and reasonable restrictions on the use of Unsolicited Commercial E-mail. The legislature expressly finds the following facts to be true:
1. Usage of the internet and e-mail is widespread throughout this state, nation, and the world, and is essential to the functioning of our society.
2. Many business organizations and individuals, located both within the state and in foreign jurisdictions, use unsolicited e-mail as a means for advertising and informing consumers of their products and offers.
3. While there are many legitimate business purposes behind unsolicited e-mail, some uses of unsolicited e-mail have fraudulent or deceptive purposes or intentions.
4. Furthermore, many residents of this state have expressed the desire to be free from unwanted commercial e-mail messages.
5. The sending of large amounts of unsolicited commercial e-mails places a burden on the Internet Service Provides which provide e-mail services for residents of this state.
6. Wishing to safeguard the residents of [state] from fraudulent business communications, to relieve the burden on Internet Service Providers, and to give the residents of [state] freedom from receiving unsolicited commercial e-mails in the future if they wish to opt out, the legislature does enact the following, to be known as the Uniform Unsolicited Commercial E-mail Act:
1. For the purposes of this Act, the following definitions are applicable:
a. "Adult-Oriented Material" includes any material which the average person, applying community standards, would view as appealing to the prurient interest, depicts sexual conduct in an offensive way, and has lacks serious literary, artistic, political, or scientific value.[86]
b. "Commercial E-mail" is any e-mail message sent to an individual or group, which has the purpose, in part or in full, of proposing, advertising, or describing any business transaction or opportunity, and with the intended effect of persuading the recipient to engage in said transaction or opportunity.
c. "Computer" means any device which performs numerical computing functions, uses electrical, magnetic, optical, or other method of storing data, and which is capable of being used to send, receive, or otherwise handle electronic communications.
d. "Headers" or "Message Headers" are the information contained at the beginning of an e-mail message which indicate the sender, recipient, message priority, and any other information which is not contained within the body or subject line of the e-mail message.
e. "Imbedded Link" is a line of characters, contained within the body of an e-mail message, which gives the address of a page located on the World Wide Web.
f. "Internet Service Provider" is any business entity, group, or individual that provides internet services to individuals, groups, or business entities, including e-mail, World Wide Web access, and internet connectivity.
g. "No-Contact List" is a list maintained by any individual, group, or organization, in any format, which contains the e-mail addresses of individuals who have affirmatively requested not to be contacted by a specific sender of Unsolicited Commercial E-mail.
h. "Transmission Path" is the information, contained with in the header of an e-mail message, which indicates the path that the e-mail message took in traveling from the sender to the receiver. This will include the Internet Protocol addresses of each computer on the internet that handled the e-mail message, in either numeric or alphabetical format.
i. "Unsolicited Commercial E-mail" is any commercial e-mail message which is sent to a recipient, when the recipient of said e-mail message did not affirmatively or implicitly request to receive said message.
2. Jurisdiction
a. This statute shall only apply to Unsolicited Commercial E-mail messages which are sent from a computer system physically located within the state of [state], to a recipient who is a resident of the state of [state].
b. The fact that the sender of an Unsolicited Commercial E-mail message is not aware that the recipient is a resident of the state of [state] shall be irrelevant for the purposes of this statute, except as provided in section 6.
c. The fact that the recipient of Unsolicited Commercial E-mail is not physically located within the state of [state] at the time said message is opened and read shall be irrelevant for the purposes of this statute.
3. Truthfulness in Unsolicited Commercial E-mail
a. It shall be a violation of this statute for any person, group, or organization to knowingly send, or cause to be sent, an Unsolicited Commercial E-mail to a recipient, subject to the requirements of section 2, if
i. the E-mail message contains any false, fraudulent, or misleading claims, statements, or other information, that are known to the sender to be false, fraudulent, or misleading, or
ii. the E-mail message contains falsified information in the message headers, or a falsified return address, or uses misleading transmission paths, all with the intention of confusing or misleading the recipient or disguising the true origin of the message.
4. Labeling
All Unsolicited Commercial E-mail messages shall contain the words "UNSOLICITED ADVERTISEMENT" as the first words on the subject line. If the e-mail message in question contains or refers to adult-oriented material, the subject line shall also include the words "ADULT CONTENT". Failure to comply with the subject line requirements in this section shall be a violation of this statute.
5. Opt-out Provisions
a. Every Unsolicited Commercial E-mail message shall contain one of the following methods for allowing recipients to opt out of future messages from the sender:
i. A return e-mail address to which the recipient can reply and request removal from future mailings from the sender. Requesting removal from future mailings will require the sender to place the recipient's e-mail address on a no-contact list, or
ii. An imbedded link to a web page which contains a form into which the recipient can enter their e-mail address. Entering an address into the form will place it onto a no-contact list maintained by the sender, or
iii. A toll-free phone number that the recipient can call and request removal from future mailings from the sender. Requesting removal from future mailings will require the sender to place the recipient's e-mail address on a no-contact list.
b. The sending of an Unsolicited Commercial E-mail by any individual, group, or organization, to any e-mail address which is located on the no-contact list maintained by that individual, group, or organization shall be a violation of this statute.
c. As a defense, the individual, group, or organization charged with a violation of section 5(b) may claim that they have not had a reasonable amount of time in which to process the recipient's request to be added to the no-contact list. A reasonable time for processing the recipient's request shall be determined with reference to the facts of the situation, but in any event shall not exceed five working days.
6. Affirmative Defense
A defendant who is sued under this act for violating one or more of its provisions may claim, as an affirmative defense, that they did in fact hold a good faith belief that the recipient of the e-mail message in question was a resident of another state, and the message as sent complies with the requirements, if any, of the state that the defendant believed the recipient was a resident of. A showing by the defendant on this point by clear and convincing evidence will defeat any claim under this statute for liability with regard to the particular e-mail in question.
7. Penalties
a. A violation of this statute shall result in a fine of $100 per e-mail sent, however, the total fine imposed shall not exceed $10,000.
b. The sending of e-mail messages in violation of this statute in one bulk transmission will not be considered to be a single violation, but instead will result in one violation per unique e-mail sent to a unique address.
8. Enforcement.
a. The provisions of this statute shall be enforced by a civil suit against the violator in [name of appropriate state court].
b. The State Attorney General shall have the power to sue violators of this statute on behalf of the people of the state, and may sue in one action for all violations committed by a specific defendant against the residents of [state].
c. Individuals who have received an e-mail message which is in violation of any portion of this statute may sue the sender. Individuals will be entitled to the fines recovered for any e-mails they have personally received, but may not recover on behalf of third parties who also received e-mails from the defendant in violation of this statute.
d. Internet service providers that provide e-mail services to a customer, who has received an e-mail in violation of this statute, may sue the sender under this statute on behalf of their customer, with the customer's consent. An Internet Service Provider may sue a single defendant for as many individual violations of this statute as have been committed against the Internet Service Provider's customers in a single action. Internet Service Providers may contract in advance for this consent, and may condition the receipt of such consent on providing e-mail services to an individual.
e. Recovery shall only be permitted once for each individual violation of this statute; no double recovery shall be allowed. The State Attorney General shall have priority over all other plaintiffs.
9. Miscellaneous.
a. This statute will become effective on [specified date, specified conditions, if any desired to be imposed by the legislature].
b. If any portion of this statute is declared unconstitutional by any state or federal court with proper jurisdiction, then said portion of this statute will be void and without any effect, but the remainder of this statute shall remain in effect to the fullest extent permitted by the law.
Note: portions of the statute enclosed in [ ] brackets can and should be modified by each state as they see fit. The entire section on penalties can be modified if the state sees fit; the crucial components of this statute which should be uniform nationally are the provisions which substantively govern the requirements of junk e-mail.
a1 Candidate for Juris Doctor at the University of Iowa Law School, 2002. B.S.M.E. from Iowa State University, 1998. This paper was written for Cyberspace Law Seminar, spring 2002 semester, Professor Nicholas Johnson.
[1] Taken from A Nation Online report from Commerce Department at http://www.cnn.com/2002/TECH/internet/02/06/internet.use/index.html. The full report is available at http://www.esa.doc.gov/508/esa/USEconomy.htm
[2] Though many believe otherwise, the internet and the World Wide Web are actually two distinct things. Within the internet exist specific services and functions, such as e-mail, Usenet news, and the WWW. See generally American Civil Liberties Union v. Reno, 929 F.Supp. 824, 830-38 (E.D. Pa. 1996).
[3] See note 1, supra.
[4] Calvin Whang, An Analysis of California's Common And Statutory Law Dealing With Unsolicited Commercial Electronic Mail: An Argument For Revision, 37 San Diego L. Rev. 1201, 1202-03 (2000).
[5] Id. at 1202.
[6] http://www.usps.com/news/facts/lfu_032702.htm
[7] http://members.aol.com/emailfaq/emailfaq.html
[8] David E. Sorkin, Technical and Legal Approaches to Unsolicited Electronic Mail, 35 U.S.F. L. Rev. 325, 338 (2001).
[9] See Whang, supra note 3, at 1203 n.9.
[10] Id.
[11] http://www.ftc.gov/ftc/consumer.htm
[12] http://www.ftc.gov/bcp/conline/pubs/online/inbox.htm
[13] See Sorkin, supra note 6, at 355.
[14] http://www.ftc.gov/bcp/conline/pubs/general/guidetoftc.htm
[15] http://www.spamlaws.com/federal/summ106.html
[16] http://www.spamlaws.com/federal/summ107.html
[17] H.R. 3113, 106th Cong. (2nd Sess. 2000).
[18] http://www.spamlaws.com/state/summary.html
[19] Del. Code Ann. §937(a).
[20] Del. Code Ann. §937(b).
[21] Del. Code Ann. §937(c).
[22] http://www.spamlaws.com/state/summary.html
[23] U.S Const. art. I, § 8, cl. 3.
[24] See Gibbons v. Ogden, 22 U.S. 1 (1824), Wilson v. Black Bird Creek Marsh Co., 27 U.S. 245 (1829).
[25] H.P. Hood & Sons v. Du Mond, 336 U.S. 525, 534 (1949).
[26] Id. at 533.
[27] Id.
[28] Bacchus Imports, Ltd. v. Dias, 468 U.S. 263 (1984).
[29] Dean Milk Co. v. Madison, 340 U.S. 349 (1951).
[30] Hughes v. Oklahoma, 441 U.S. 322, 337 (1979).
[31] Hunt v. Washington State Apple Advertising Comm'n, 432 U.S. 333 (1977).
[32] Baldwin v. G.A.F. Seeling, Inc., 294 U.S. 511 (1935).
[33] 397 U.S. 137 (1970).
[34] Id. at 142.
[35] Lamm v. Volpe, 449 F.2d 1202, 1203 (10th Cir. 1971).
[36] Kelley v. Johnson, 425 U.S. 238, 247 (1976).
[37] City of El Paso v. Simmons, 379 U.S. 497, 584 (1965).
[38] Minnesota v. Clover Leaf Creamery Co., 449 U.S.456, 472 (1981).
[39] Healy v. Beer Institute, 491 U.S. 324, 337 (1989).
[40] Lewis v. BT Investment Managers., Inc., 447 U.S. 27 , 43 (1980)
[41] Southern Pac. Co. v. State of Ariz. ex rel. Sullivan, 325 U.S. 761, 773 (1945).
[42] There is debate over exactly how far this extraterritoriality principle goes, and whether it is simply an outgrowth of dormant commerce clause jurisprudence, or it also related to the Due Process and Full Faith and Credit clauses. See Goldsmith and Sykes, The Internet and the Dormant Commerce Clause, 110 Yale L. J. 785, 803-806 (2001).
[43] 969 F.Supp. 160 (1997).
[44] Id. at 163.
[45] Id. at 169.
[46] Id. at 172.
[47] Edwards v. California, 314 U.S. 160, 172-73 (1941).
[48] Pataki, 969 F.Supp. at 173-74.
[49] Id. at 177.
[50] Id. at 178.
[51] There is somewhat of a contradiction in the court's analysis here. In the extraterritoriality analysis, the court presupposes that the act will have real effects on out-of-state conduct, while in the Pike balancing, the court realistically admits that New York will have little effect on out-of-state offenders. It appears that under the extraterritoriality analysis, it is more important to look at the potential effects, even if in reality the challenged law will have little effect on wholly out-of-state conduct.
[52] ACLU v. Johnson, 194 F.3d 1149 (10th Cir. 1999).
[53] 94 Cal.Rptr.2d 453 (Cal. 2000).
[54] California Penal Code section 288.2 (2000).
[55] Hatch, 94 Cal.Rptr.2d at 473.
[56] The court does not explicitly invoke the Pike test by name, but includes it in its discussion of the inconsistent national regulation argument at page 473.
[57] Hatch, 94 Cal.Rptr.2d at 472.
[58] Arguably, with zero burden on interstate commerce at all, there would similarly be zero requirement for a legitimate state interest to be served. This is academic, however, since it is impossible to think of a state statute that could purportedly affect interstate commerce in some manner, yet not serve some miniscule state interest.
[59] Washington v. Heckel, 24 P.3d 404 (Wash. 2001).
[60] Wash. Rev. Code §19.190.020 (2001).
[61] Spammers will sometimes falsify the return e-mail address to make it look as if it came from a reputable internet domain, or include a reputable internet domain's name in the message body in the form of an implicit endorsement.
[62] Wash. Rev. Code §19.190.020 (2001).
[63] Heckel used the free juno.com e-mail service to send out his bulk mailings. When juno.com would discover that he was spamming, they would delete that account, and Heckel would simply open a new account up. As a result, the return e-mail addresses that Heckel used with his messages were closed down within days, effectively making the return e-mail address useless.
[64] Heckel, 24 P.3d at 412.
[65] Id.
[66] Heckel, 24 P.3d at 409.
[67] Heckel, 24 P.3d at 409-10.
[68] Heckel, 24 P.3d at 411.
[69] Ferguson v. Friendfinders, Inc., 115 Cal.Rptr.2d 258 (Cal. 2002).
[70] Cal. Bus. & Prof. Code 17538.4 (2002).
[71] Friendfinders, 115 Cal.Rptr.2d at 265-66.
[72] Id. at 267-68.
[73] Id. at 268-69.
[74] Id.
[75] There is an entire sub-industry devoted to anti-spam software, including programs with such unique names as SpamCop, SpamEater, and SpamKiller. For more on these companies, visit the webguide page at http://www.business2.com/webguide/0,1660,66086,00.html
[76] Or for that matter, users may opt to delete the non-adult messages and only view the adult ones.
[77] Friendfinders, 115 Cal.Rptr.2d at 266.
[78] For a summary of cases in which computer use created personal jurisdiction, see Intercon, Inc. v. Bell Atlantic Internet Solutions, Inc. 205 F.3d 1244, 1248 (10th Cir. 2000).
[79] The burdens imposed by a law such as this seem facially apparent. When states have inconsistent subject line requirements, and thus the same message cannot be legal in two states, e-mail senders must know the location of each and every recipient before they can send e-mail. Since this is essentially an impossible burden on spammers, it should not survive a DCC challenge. If, on the other hand, the statutes apply only to intrastate conduct, then a spammer who is a resident of California must only concern himself with the specific California requirements, which may or may not be consistent with those of other states.
[80] The reality is that any spammer who is conscientious enough to meet the requirements of the affirmative defense will most likely never be sued in the first place.
[81] Lorillard Tobacco Co. v. Reilly, 533 U.S. 525, 553-54 (2001).
[82] 447 U.S. 557 (1980).
[83] For a discussion of the substantiality of the government interest in relation to telemarketing, see Bland v. Fessler, 88 F.3d 729, 734 (9th Cir. 1996).
[84] Lorillard Tobacco, 533 U.S. at 556.
[85] Id.
[86] This is the obscenity test from Miller v. California,
413 U.S. 15 (1973).