This document summarizes key aspects of privacy concerns and regulations regarding marketing and commercial communications, specifically the CAN-SPAM Act of 2003. It outlines what CAN-SPAM does and does not do, its principal requirements regarding from lines, subject lines, opt-out mechanisms, and plaintiffs. It also discusses regulatory timelines, determining when CAN-SPAM applies, selected court cases, and issues of preemption and state spam regulation.

1. Privacy Concerns in Marketing
and Commercial Communications
Bennet Kelley Liisa M. Thomas
June 2, 2009

2. In the Beginning . . .
Pyramids of Giza, Egypt.
© Digital Vision/Getty Images

3. There was California . . .
“We are saying that unsolicited e-mail cannot be sent
and there are no loopholes . . . We don't differentiate
between Disney and Viagra.
If you go out and rent a list of e-mail addresses, by
definition you are not a legitimate business. You are
the person we are trying to stop.”
Former California State Senator Kevin Murray
Author of SB 186

4. 84 days later . . .
President George W. Bush signing the CAN-SPAM Act (Dec. 16, 2003).
Controlling the Assault of Non-Solicited Pornography And Marketing Act
on-

5. CAN-SPAM Act of 2003
CAN-SPAM IS . . . CAN-SPAM DOES NOT . . .
• anti-
An anti-fraud and disclosure • “Can Spam” – except for wireless spam
statute
• Include a “Do Not Email Registry”
• Applies to an email where the
“primary purpose” is commercial
advertisement or promotion of a • Impose an “ADV” labeling requirement
product or service
• Create a general private right of action
• Applicable to bulk and single
emails • Generate stimulating cocktail party
conversations

6. Regulatory Timeline
2004: FTC Final Rule on Adult Labeling
FCC CAN-SPAM Rules
2005: FTC (1) Final Rule on Primary Purpose of Email; and
(2) Proposed Discretionary Rules
2006:
2006
2007:
2008: FTC Final Discretionary Rules

7. Determining When
CAN-SPAM Applies

8. CAN-
CAN-SPAMENCLATURE
SENDER -- means a person who initiates a
commercial e-mail and whose product, service,
or Internet web site is advertised or promoted
by the message.
INITIATE -- means to originate or transmit, or
procure the origination or transmission of, such
an e-mail message.
PROCURE -- means intentionally to pay or
induce another person to initiate the message
on one's behalf, while knowingly or consciously
avoiding knowing the extent to which that
person intends to comply with this Act.

9. CAN-SPAM Principal Requirements

10. From Line
 FTC: must give the recipient enough
information to know who is sending the
message
 Not deceptive to use multiple domains
Kleffman v. Vonage Holding Corp. (C.D. Cal. 2007).
 Not misleading to use non-corporate address
where domain may be checked using “Who
Is” Gordon v. Virtumundo, Inc. (W.D. Wash. 2007)
 Fake address can get you in the dog house.

11. Designated Sender Rule
Must Be a Sender
• Name must be in the “From” Line CAN-
Under CAN-SPAM
• Must be Responsible for CAN-SPAM Cannot designate
compliance Non-
Non-Sender
• Dropped requirement that Designated
Sender be in control of the content or the
mailing list used

12. 12

13. Subject Lines
• Senate Report
– test is whether the person initiating the message knows
that the subject heading would be likely to mislead a
reasonable recipient about a material fact regarding the
content or subject matter of the message
• “New MySpace Phone” subject line misleads consumers
by creating false sense of sponsorship by MySpace.
– MySpace, Inc. v. The Globe.com, Inc. (C.D. Cal. Feb. 27, 2007)
• “Free Gift” subject lines violate CAN-SPAM
– Adteractive, (C.D.
FTC v. Adteractive, Inc. (C.D. Cal. 2007)

14. Opt-Out Mechanism
• Opt-Out Basics
– May offer options, but total opt-out must be
options, opt-
one of them
– 10 days to remove
– No further use of email address after opt-out
opt-
– Separate Business Units:
Opt- opt-
Opt-out for Saab not opt-out for all of GM
• Discretionary Regs
– Cannot impose any conditions on opt-out
opt-
(e.g
e.g, information)
requests (e.g, fee or provide information)

15. CAN-SPAM Plaintiffs
 No Consumer Private Right of Action
 FTC & State AGs
 Internet Access Service Provider (IASP)
 Adversely Effected by Violation
 Must demonstrate substantial harm
 Civil Penalties
 $25 – $250 per email
 $2 million maximum
 Damage Adjustments
 Treble damages if willful
 Reduction if violation occurred despite
commercially reasonable efforts to maintain
compliance”
15

16. CAN-SPAMIGATORS
Faux ISPs
Established to Prosecute
CAN-SPAM Actions
 Small, free service can qualify
Hypertouch v. Kennedy-Western University, 2006 WL 648688 (N.D. Cal. 2006)
 But must demonstrate substantial harm
- e.g., bandwidth, hardware, connectivity,
overhead, staffing or equipment costs
Asis Internet Services, v. Optin Global, Inc., 2008 WL 1902217 (N.D. Cal. March 27, 2008 )

17. Sender Liability
 FTC unsuccessful in seeking strict
liability
 Advertiser liable if “actual knowledge,
or by consciously avoiding knowing”
about affiliate violations
 Strict anti-spam policies and policing of affiliates
defeated allegation of intent.
Hypertouch v. Kennedy-Western University, 2006 WL 648688 (N.D. Cal. 2006)
– No duty to investigate
Asis Internet Services, v. Optin Global, Inc., 2008 WL 1902217 (N.D. Cal. March 27, 2008 )

18. CAN-SPAM PREEMPTS ALL
STATE REGULATION OF
EMAIL EXCEPT STATE LAWS
• Regulating falsity or deception in
email
• Not specific to email, including
State trespass, contract, or tort law;
or
• Other State laws to the extent that
those laws relate to acts of fraud or
computer crime

19. Rulings On State Spam
Regulation
• Misrepresentation must be
material
Omega World Travel, Inc. v. Mummagraphics, Inc. (4th Cir. 2006).
• States cannot dictate form of
from line
Kleffman v. Vonage Holding Corp. (C.D. Cal. 2007); Gordon v.
Virtumundo, Inc.(W.D. Wash. 2007).
• Courts split on whether state
regulation must be based on
traditional notions of fraud
• Yes. ASIS Internet Service v. Optin Global, Inc. (N.D. Cal.
2008); Hypertouch v. ValueClick, (LA Super. Ct. May 4, 2009).
• No. ASIS Internet Service v. Vista Print (N.D.Cal. 2009).
• First Amendment requires
that it not impinge non-
commercial email
Virginia v. Jaynes (Va. 2008).

20. Preemption’s Back Door?
• Utah/Michigan
Child Registry Laws
– Makes sending prohibited email a “computer
crime”
– Free Speech Coalition, Inc. v. Shurtleff,
Utah Federal Court refused to enjoin law finding it
fell within exception for computer crime
• DOJ filed brief supporting this position
• New Colorado Spam Law
– Makes violation of CAN-SPAM a violation of
state deceptive practices and computer fraud laws
– Higher Penalties
– Is this a backdoor to creating private right of
action under CAN-SPAM?

21. Selected Cases: CAN-SPAM Act
CAN-
Advertiser Liability
 ASIS Internet Services, v. Optin Global, Inc., 2008 WL
Inc.,
1902217 (N.D. Cal. March 27, 2008 )
 Hypertouch v. Kennedy-Western University, 2006 WL
Kennedy- University,
648688 (N.D. Cal. 2006)
 US v. Cyberheat, 2007 U.S. Dist. LEXIS 15448 (N.D. Ariz.
Cyberheat,
2007)
 US v. Implulse Marketing, No. CV05-1285RSL (W.D.
Marketing, CV05-
Wash. June 8, 2007)
From and Subject Lines
 FTC v. Adteractive, Inc., No. Case No. CV-07-5940 SI
Adteractive, Inc., CV-07-
(C.D. Cal. 2007)
 Gordon v. Virtumundo, Inc., Case No. 06-0204-JCC (W.D.
Virtumundo, Inc., 06-0204-
Wash. May 15, 2007)
 Kleffman v. Vonage Holding Corp., Case No. CV 07-
Corp., 07-
2406GAFJWJX (C.D. Cal. May 23, 2007)
 MySpace, Inc. v. The Globe.com, Inc. No. CV 06-3391-
06-3391-
RGK (JCx) (C.D. Cal. Feb. 27, 2007)
(JCx)

22. CAN-
CAN-SPAM Cases Pt 2
Preemption
 Asis Internet Services, v. Optin Global, Inc., 2008 WL 1902217 (N.D. Cal.
March 27, 2008 )
 Asis Internet Services v. VistaPrint USA, Inc., No. C 08-5261-SBA (N.D.
Cal. May 5, 2009)
 Free Speech Coalition, Inc. v. Shurtleff, No. 2:05CV949DAK, 2007 U.S.
Dist LEXIS 21556 (D. Utah Mar. 23, 2007)
 Gordon v. Virtumundo, Inc., Case No. 06-0204-JCC (W.D. Wash. May
15, 2007)
 Hypertouch, Inc. v. ValueClick, Inc., L.A. Super. Ct. No. C081000 (May
4, 2009).
 Kleffman v. Vonage Holding Corp., Case No. CV 07-2406GAFJWJX
(C.D. Cal. May 23, 2007)
 Omega World Travel, Inc. v. Mummagraphics, Inc., 469 F.3d 348 (4th
Cir. 2006)
 Virginia v. Jaynes, 666 S.E.2d 303 (Va. 2008).

23. Bennet Kelley
Bennet Kelley founded the Internet Law Center in 2007 after a
decade of activity in many of the hottest internet issues including
behavioral targeting, cyber squatting, internet marketing and
promotions, net neutrality, privacy, spam and spyware. Prior to
launching the Internet Law Center, Bennet worked in-house with
companies such as ETM Entertainment Network,
SpeedyClick.com, Hi-Speed Media and ValueClick.
Bennet is Co-Vice Chair of the California Bar's Cyberspace
bkelley@internetlawcenter.net Committee and has been a regular contributor to the Journal of
Internet Law.
The Internet Law Center’s is based in Santa Monica but also has a
presence in Washington, D.C. and Columbia, S.C. The firm’s e-
newsletter, Monday Memo, was named one of the top 100 Internet
Law resources and has been nominated for the Los Angeles Press
Club’s Southern California Journalism Award for best in-house or
corporate publication.