A Closer Look at the FSC’s Challenge to the Utah Spam Law
SALT LAKE CITY, UT – Last week, the Utah Division of Consumer Protection issued its first fine under the state’s Child Protection Registry law, which was passed in early 2005. The $2500 citation was issued to a Canadian adult website (HoneyIFuckedTheBabysitter.com), which allegedly sent a sexually-explicit email to the email address of a minor – an address which had been registered with the state’s Child Protection Registry.Utah’s Child Protection Registry Act, which took effect in July of last year, was crafted to protect children from being exposed via email to content deemed inappropriate for, or harmful to, minors. This includes not only pornographic materials, but advertising that promotes alcohol, tobacco, firearms, pharmaceuticals and gambling.
Under the Utah law, and a similar law enacted last summer in Michigan, email marketers are required to scrub their lists against registries maintained by a private company called Unspam Technologies, who charges the senders a half cent per address removed during the scrub. Parents, teachers and others acting on behalf of minors can add email addresses to the registry for free.
While the Utah and Michigan laws have found some resonance with lawmakers, and similar bills are being considered by numerous state legislatures across the country, the laws have been widely criticized by free speech advocates, direct advertising associations, mass-email marketers and even the Federal Trade Commission (FTC).
Critics are not only convinced that the methodology will be ineffective, as the vast majority of spam now originates overseas where it will be difficult (if not impossible) to successfully collect fines, there’s also great concern over issues of security, privacy and the Constitutionality of the laws.
The criticism has united, in rare fashion, groups that often find themselves pitted against each other – like branches of the federal government and the Free Speech Coalition, for example. Just last month, the FTC issued a statement saying that such registries present “serious security and privacy risks.”
“It’s rare that we find ourselves in agreement with the federal government,” said chairman of the FSC Jeffrey Douglas, “but in this instance, we’re seeing things eye to eye.”
Douglas said that the Utah and Michigan acts represent a contradiction of the CAN-SPAM Act, and that the states have “adopted an approach that has been systematically rejected by the FTC” as ineffective, too far-reaching, even potentially dangerous.
“The Utah and Michigan acts are nominally to combat spam, but they are far more expansive than that,” Douglas said. “They go way beyond CAN-SPAM; under their structure, a legitimate subscriber to a service or list could very easily end up on the scrub list, even if they are not a minor, and even if they specifically desire – and have confirmed this desire with the merchant – to be on the mailing list in question.”
Douglas equates Unspam Technologies to the character of Harold Hill in The Music Man; “First they convince the state there’s this ‘big problem,’” Douglas said, “and then they sell the state their ‘big solution.’”
While the FTC and many ISPs, including AOL, are reporting a dramatic decrease in the amount of spam (and adult-oriented spam in particular) since the enactment of CAN-SPAM, Unspam Technologies has publicly claimed that the opposite is taking place, and has broadly contradicted statements made by the FTC with regards to the efficacy of CAN-SPAM.
For his part, Matthew Prince, the CEO of Unspam, appears to be a little behind on his data. In a recent interview with WDC Media News (a self-proclaimed “Christian News and Media Agency”), Prince said, “Online pornography is a billion-dollar per year industry, and e-mail is becoming the delivery system of choice for porn purveyors.”
Most experts agree, however, that adult-oriented email has greatly declined in recent months, especially since the FTC’s much-publicized crackdown on several adult affiliate programs, including Global Net Ventures, and the subsequent levying of millions of dollars in fines.
There’s also the open question of how a new law will be any more effective in changing the behavior of marketers who are already violating CAN-SPAM, currently.
“It’s a joke,” Douglas said. “It’s inconceivable that anyone knowingly sending illegal adult spam will stop doing so, just because of these new laws.” Douglas added that the practical effect of the laws will be to “simply create a greater burden on responsible marketers, who are not the problem to begin with.”
Even the states themselves appear to be at least somewhat aware of the weaknesses inherent in the registry laws. Within the Utah version of the act, there’s a section concerning a disclaimer required to be placed on the website where parents can add their child’s email addresses to the registry. The language of the required disclaimer is as follows:
(From the Utah state code, section 13-39-201(c):
“The division shall provide a disclosure to a person who registers a contact point under this section that reads: ‘No solution is completely secure. The most effective way to protect children on the Internet is to supervise use and review all email messages and other correspondence. Under law, theft of a contact point from the Child Protection Registry is a class B felony. While every attempt will be made to secure the Child Protection Registry, registrants and their guardians should be aware that their contact points may be at a greater risk of being misappropriated by marketers who choose to disobey the law.’” (Note: emphasis added by author)
Thus, right in the body of a law designed to protect children is a statement to the effect that registering a child on the list could very well increase the likelihood of that child receiving the very sort of inappropriate email the law is ostensibly designed to protect him or her from.
“I think these laws are conceptually honorable,” said adult industry attorney Robert Apgood of CarpeLaw.com, “but they are very bad implementation of a generally noble idea.” Apgood added that, as a process, “to provide anybody with a list of your customers, even if it’s for an ostensibly ‘righteous’ purpose, is problematic for a couple reasons.”
First, Apgood said, there’s the question of how handing over your customers’ contact information to a third party meshes with your site’s stated privacy policy (if it has a stated privacy policy). Second, and more troubling, is the fact that the list maintained by the state “allows nefarious types to harvest a list, and then check it against the state’s list, in order to isolate the children on their own list.” This amounts to a “very convenient tool for those who seek to do children harm,” Apgood said, “which is reason enough why the laws shouldn’t be allowed to stand, and we haven’t even gotten started on the Constitutional issues yet.”
The FSC has mounted a challenge to the registries in Utah and Michigan, and anticipates that the fight may well spread to other venues, should more states adopt similar laws.