An absence of regulation has allowed the Internet to grow with astonishing speed, but this absence means that anti-social activities such as spamming are difficult to control. Spam, or electronic junk mail, has become the bane of anyone who has an email account, as time is wasted editing and dumping it.
Ideally spamming would be stopped by technical means such as excluding filters, but no satisfactory system exists at present. The law may offer a solution. For example last November the German courts issued a temporary injunction against a spammer, who sent unsolicited commercial messages to private email addresses. The Court held that this amounted to an unfair commercial practice and warned the defendant that if he engaged in spamming again he could go to prison for up to two years.
Inevitably, it is America which has produced the largest body of caselaw. Spamming is an activity which suggests a wide variety of causes of action. Firstly, the content of an email may be illegal. In March 1998, the Federal Trade Commission initiated an action against a spammer which had tried to lure investors with a scheme which offered a "100.8% return on investment" in the first year or a full refund; the spammer succeeded in generating investments ranging from $5,000 to $7,500. Since neither claim was true, the action was commenced under US consumer laws.
Irish law exists to control the content of advertisements: the Consumer Credit Act 1995 and the Consumer Information Act 1978; these might be applied also to spam email Litigation might also be initiated if a spam contained obscene or defamatory material.
Spamming is a problem for Internet service providers (ISPs) as it clogs up their systems and irritates their customers. In the US, America On Line (AOL) has sued a host of spammers. Last November it got a preliminary injunction preventing a spammer called Over the Air Equipment, prohibiting the spammer from sending unsolicited emails to AOL subscribers. An Irish ISP might have a claim against an Irish spammer, but things would get more complicated if the spammer was based abroad. Legal jurisdictions have yet to adapt to the realities of a global network such as the Internet and this will complicate any spam-related litigation. Although one Tokyo-based ISP has recently initiated an action against an American spammer in the Californian courts, most ISPs will be deterred by the cost and inconvenience of such actions.
The fact that spammers use fake or borrowed email addresses might also give rise to a cause of action; in Parker v. CN Enterprises, the plaintiff owned the domain name flowers.com.
In March 1997 the defendants sent out a spam to millions of email addresses, the spam having the return email address of flowers.com. Unfortunately, many thousands of the email addresses to which the spam was sent were false, and so these messages were returned to the plaintiffs. This swamped the plaintiffs' email and crashed their ISP's server. The plaintiffs initiated a law suit and the Texan Courts granted the plaintiffs a permanent injunction preventing the defendants from using this or any other email address as a return address without the owner's permission and awarded damages of $13,910.
Since spamming is such a scourge, there have been numerous legislative initiatives to deal with it in the USA. The US Senate has just passed a law on `unsolicited e-mail'. If this Act becomes law (it still needs to be passed by Congress and signed by the President) then any such email or spam must contain information detailing the name, physical and electronic address and telephone number of the person who wrote and transmitted the message. Any person who receives the message may request the sender to desist from sending any further messages. If the request is disregarded, a fine of up to $15,000 may be imposed on the spammer, damages of $15,000 may be imposed and the courts may grant an injunction to force the spammer to desist. California, home to Silicon Valley, is drafting more stringent legislation which will make it an offence, to knowingly use or disrupt computer services without permission or to knowingly use another's domain name. Penalties can be as high as a $10,000 fine and three years imprisonment.
In Ireland the law of Data Protection may offer a solution. Under section 2(7) of the Data Protection Act 1988, where personal data is kept for the purposes of direct marketing an individual (or `data subject') may request in writing that the person who controls that data erase it. The data must then be erased and the individual must be notified in writing of the erasure within 40 days. This law is highly effective so long as everyone concerned resides in Ireland but, if the spammer is resident in Ulan Bator or the Ukraine, Ireland's data protection laws will be difficult to enforce.
The USA has no parallel to Europe's data protection laws but if the jurisdiction problem can be solved (a very big if), these laws may ensure that spamming does not become as great a problem in Europe as it has there.
Denis Kelleher, co-author of Information Technology Law in Ireland, is at dkeleher@indigo.ie.