Recently the Third Circuit Court of Appeals ruled on Ferrone v. Onorato, No. 07-4299, 2008 WL 4763257 (3rd Cir. October 31, 2008) addressing this issue specifically. Evan Brown at InternetCases has a post up about the court’s finding. He says:

The court held that the First Amendment’s prohibition on the “abridgement” of the right to petition the government requires a plaintiff to show an actual intent on the part of the government to diminish this right. The court refused to accept Ferrone’s argument that the act of blocking email messages alone, without an examination of the government’s intent, would rise to the level of a constitutional violation.

In my lay reading of the ruling and the blog post indicates that government offices are able to block email messages without violating sender’s first amendment rights. More interestingly is the application of this ruling to advocacy programs. All of us have seen cases where we can send a letter to any (or many) elected officials through the simple expediency of entering a name and clicking submit on an online petition site. Could this ruling be used to justify blocking email from such sites? Does blocking that email rise to the level of deprive a citizen of her Constitutional rights? What if the volume of email is high enough to cause email delays, as happened recently with Congress?

These are questions that may need to be mediated by further court cases. On the good side, the Third Circuit’s ruling is quite clear that blocking abusive mail is not a violation of First Amendment rights. While I do not think that this will stop spammers from claiming that blocking is a violation of their rights, it does remove one more legal avenue from their attempts to force recipients to accept their mail.

“MySpace has zero tolerance for those who attempt to act illegally on our site,” [MySpace Chief Privacy officer] Nigam said in a statement. “We remain committed to punishing those who violate the law and try to harm our members.”

These are two of the spammers responsible for me learning to read headers and report spam. Both of them have previous judgments against them. Wallace sued AOL to force AOL to accept his mail. Eventually the judge ruled against Cyber Promotions and Wallace.

The Court declares that Cyber Promotions, Inc. does not have a right under the First Amendment to the United States Constitution or under the Constitutions of Pennsylvania and Virginia to send unsolicited e-mail advertisements over the Internet to members of American Online, Inc. and, as a result, American Online, Inc. may block any attempts by Cyber Promotions, Inc. to do so.

This case was one of the first to declare that ISPs could block mail and is still cited in spam related cases. (Text of Ruling, AOL page on Cyber Promotions Case)

Walt Rines was less involved in lawsuits with ISPs, but after the demise of Cyber Promotions and his trade group (IEMMC), moved on to infecting PCs with spamware. The FTC put an end to that.

MySpace has now put an end to their account stealing and spamming through social networking sites.

I wonder what way they will discover to dump unwanted advertising on people next?

The new rule provisions address four topics: (1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender; (2) the definition of “sender” was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Act’s opt-out requirements; (3) a “sender” of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Act’s requirement that a commercial e-mail display a “valid physical postal address”; and (4) a definition of the term “person” was added to clarify that CAN-SPAM’s obligations are not limited to natural persons.

Once the rules are published, I will be sure to link to them and comment on them here. From the FTC press release, it seems that the rules are reasonably sane and any current mailer following best practices will already be in compliance.

Hat tip: MailChimp

Sanford Wallace (the spammer that prompted me to start figuring out how to read headers) lost his suit with MySpace for failure to comply with court orders and failing to turn over documents.

Scott and Steve Richter are in the Washington Post today in an article discussing hijacked IP space. Reading the Post article, though, it appears that Scott legitimately bought a business with a /16 and there is no hijacking going on. Spammers have hijacked IP space illegitimately in the past, but this does not seem to be the case.

One is a post over on Eric Goldman’s blog by Ethan Ackerman discussing the Jeremy Jaynes case. It is quite an info heavy post, but well worth a read.

In addition to not having the time to fully read Ethan’s post and understand the legal subtleties he is discussion, I have not quite had the time to blog about two e360 filings that showed up this week.

The first is a filing by Spamhaus’ lawyers asking for the judge to compel e360 to participate in the discovery process. If you remember e360 won a default judgment against Spamhaus for over $11M. Spamhaus filed an appeal and the Seventh Circuit Court upheld the judgment but vacated damages. Spamhaus and e360 were ordered to conduct discovery on the damages.

I would assume that e360 would be eager to demonstrate the amount of damages Spamhaus caused them, but it appears this is not the case. According to the filing e360 has been missing deadlines and even skipped a planned deposition. The exhibits show numerous email conversations between the lawyers, with e360′s lawyers making repeated promises to deliver, and then failing to follow through.

There are a couple statements in the filing that stood out. First, this paragraph which contains a statement that should have e360′s lawyers shaking in their shoes.

Moreover, the posture of this case makes Plaintiffs’ failure to timely respond to discovery even more troubling. Plaintiffs’ Motion for Default Judgment, filed almost 21 months ago on August 30, 2006, included an affidavit by David Linhardt, stating under oath that Plaintiffs had suffered (1) loss of revenue from cancelled active and pending contracts of $2.465 million and (2) lost prospective business opportunities, enterprise value and reputational damage in the amount of $9.25 million. Presumably, counsel’s duties required counsel to conduct a proper investigation of the basis for these claims (including supporting documents) before filing any affidavit in August 2006. And yet now in the course of discovery in relation to Plaintiffs’ damages claims, Plaintiffs are unable to timely provide any evidence to support the assertion made under oath in an affidavit to this Court. If Plaintiffs were able to make sworn statements that their damages exceeded $11 million in August 2006, the evidence and documentation used to make that determination should have been provided months ago.

Reading between the lines, the Spamhaus lawyers have thrown down the gauntlet and pointed out that the information used to calculate the damage amount should have been collected before the case was even filed and if they lawyers did not have that information, they failed in their duty as officers of the court. I expect this means that the number has only a slight basis in fact, and e360 is struggling to justify the number they plucked out of the air back in 2006.

Of other amusement, Mr. Linhardt skipped a scheduled deposition back in January. He just plain did not show up, no notice, no excuse, nothing. An unwise move on his part, but the crowning glory is that in the responses to the interrogatories e360 repeatedly objects on the basis that the questions “ask for a narrative and are better answered in oral testimony.” I will give e360 and their legal staff credit, it takes a lot of audacity to avoid oral testimony by not showing up and avoiding written testimony by claiming you would rather testify orally.

The other legal filing this week was a motion by e360 to have the judge in e360 v. Comcast reconsider his decision. It seems that e360 is convinced that Comcast is acting in bad faith and the judge is too since the judge said “some people may call e360 a spammer.” This statement is clearly true, a lot of people call e360 a spammer. This filing seems to be a prelude to an appeal, talking with some legal folks it seems judges are not prone to saying, “You’re right! I ruled wrong the first time!”

Given e360 cannot seem to manage meeting deadlines for a single case, it will be interesting to see how well they meet deadlines handling 2 cases (e360 v. Spamhaus, e360 v. Comcast counterclaim) and an appeal (e360 v. Comcast). Just repeating the same arguments and statements over and over has not gotten them very far up until now. At some point, they are going to have to actually start proving their cases.

Plaintiff e360Insight, LLC is a marketer. It refers to itself as an Internet marketing company. Some, perhaps even a majority of people in this country, would call it a spammer

In the end, the judge ruled that Comcast has immunity for their actions under 230(c) and ruled in their favor.

I grant judgment on the pleadings with respect to the complaint as a whole on the grounds that § 230(c) precludes proceeding on any of the claims. Alternatively, I dismiss the remainder of the claims for the reasons stated above.

The judge has one of the better summaries of 230(c) in regards to email.

The initial question is whether the kind of unsolicited and bulk e-mails (whether you call them spam or mass marketing mailings) are the sort of communications an entity like Comcast could deem to be objectionable. A few courts have addressed the issue and answered “yes.” See Optinrealbig.com, LLC v. Ironport Systems, Inc., 323 F.Supp.2d 1037 (N.D. Cal. 2004) (company that forwarded spam complaints to ISPs entitled to immunity). Indeed, section 230 imposes a subjective element into the determination of whether a provider or user is immune from liability. Zango, Inc. v Kaspersky Lab, Inc., No. 07-0807, slip. op. at 6-7 (W.D. Wash. Aug. 28, 2007) (noting that section 203(c)(2) only requires that the provider subjectively deems the blocked material objectionable); Pallorium v. Jared, 2007 WL 80955, at *7 (Cal. Ct. App. Jan. 1, 2007) (same). This standard furthers one of section 230′s goals “to encourage the development of technologies which maximize user control over what information is received by individuals, families, and schools who use the Internet and other interactive computer services.” § 230(b)(3). Here, there is no question that Comcast, through the use of its numerous programs, software, and technologies, considers the material sent by e360 via e-mail objectionable.

He goes on to evaluate the protections of 230(c) against the text of CAN SPAM

But compliance with CAN-SPAM, Congress decreed, does not evict the right of the provider to make its own good faith judgment to block mailings.  Section 7707 of the Act says that nothing in the Act shall “have any effect on the lawfulness . . . under any other provision of law, of the adoption, implementation, or enforcement by a provider of Internet access service of a policy of declining to transmit, route, relay, handle or store certain types of electronic mail messages.”  See White Buffalo Ventures, LLC v. University of Texas, 420 F.3d 366, 371 (5th Cir. 2005); § 7707(c).

Under the law, a mistaken choice to block, if made in good faith, cannot be the basis for
liability under federal or state law.  To force a provider like Comcast to litigate the question of
whether what it blocked was or was not spam would render § 230(c)(2) nearly meaningless.

As the judge has now determined that the protections of 230(c) do apply, and goes on to answer the question “was Comcast acting in good faith” with the answer “e360 did not adequately plead Comcast wasn’t acting in good faith.”

Two other things of note in the ruling. One was the Judge’s comment on the alleged denial of service attack. It was a footnote in the ruling, but worth mentioning.

e360 says, in its brief, that Comcast has also engaged in “denial of service” attacks on their system which acts overwhelm e360′s system and prevent it from sending or receiving e-mails.  e360 also claims that Comcast sends incorrect bounce information to their system with respect to e-mail addresses of those on e360′s opt-in list.  I do not understand what is being alleged.  If e360 means that Comcast is refusing to transmit the e-mails and communicates this fact to e360 by bouncing them back, then it is e360′s choice to submit very large numbers of e-mails for transmission which, after the first Comcast block, it should have known of this possibility and been prepared for it (perhaps by altering its protocols to allow for a connection to be disconnected).  It is hard to see that sending e-mails back, in this context, is a denial of service
“attack” when it is designed to prevent legitimate users of a service from using the service.  It is not an “attack” to prevent users not believed to be legitimate from using a service.  It is also impossible to see the allegations here as stating that Comcast intentionally accesses a computer without authorization.  Unless these computers operate in non-standard ways, the initiation of access is laid at e360′s door, not at Comcast’s.

The other was the judge’s agreement with Comcast that even if 230 did not apply, that e360 failed to state claims on all counts. Another footnote:

Comcast argues that, absent its statutory protection, e360 has failed to state claims on all of its Counts.
(A)  I agree that the Tortious Interference with Prospective Economic Advantage Count is difficult to understand.  I have found no cases in which refusal to allow a plaintiff to run an advertisement in a medium with wide circulation (and thus reducing sales) of plaintiff’s products  or those from whom he is selling constitutes such tortious interference.  Usually the prospective economic advantage is far more concrete than selling to public which consists of people on a very, very long opt-in list.  It is illegal to interfere with a fair number of prospects, but usually they are a class of easily identified individuals and usually the interference is that of the defendant interacting directly with the prospective buyers.
(B)  The claim under CFAA under the “ denial of service” theory fails for the reasons
stated above.
(C)  Comcast is a private enterprise and has no obligation to honor the free speech rights of e360.  C.B.S. v. Democratic Nat’l Comm., 412 U.S. 94 (1973).  Comcast provides services traditionally performed by private enterprises, not the government.  The government does not,  with very few exceptions, connect people with one another through the Internet.  Jackson v. Metropolitan Edison, 419 U.S. 345 (1974) (publicly regulated utility).  The fact that an enterprise is regulated, licensed, or funded by the government does not make the enterprise part of the state.  Wilcher v. City of Akron, 498 F.3d 516 (6th Cir. 2007).

There we go. Comcast prevails, e360 loses. There is no word yet on whether Comcast will continue with the countersuit.

Not being a lawyer, I do not have the credentials or training to fully comment on the ruling. However, in my non-legal opinion, I think the judge demonstrated a firm grasp of the policy and technology involved in blocking spam and applied the law in a way that makes it very, very clear that blocking mail is legal and that a marketing company cannot use the law to attempt to get mail delivered.

Full text of the ruling is up at SpamSuite. I hear he’s currently /.ed so his site might load a little slowly.

US Laws from the FTC website.

European Union Laws from the European Law site.

Two documents on United Kingdom Law from the Information Commissioner’s Office and the Data Protection Laws.

Canadian Laws from the Industry Canada website.

Australian Laws from the Australian Law website.