Category Archives: CAN-SPAM

Standing under the CAN-SPAM Act

The CAN-SPAM Act (15 U.S.C. 7701, et seq.) provides a private cause of action for providers of an Internet access service to use against spammers, in addition to the enforcement of the Act by the FTC, states, and other government entities.

In order to have standing to bring a case, however, a private plaintiff must first prove that he or she is the provider of an internet access service, and must have been adversely affected by a violation of the Act. An Internet access service is defined in Section 7702(11) and 47 U.S.C. 231(e)(4) as “a service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers. Such term does not include telecommunications services.”

A recent decision of the District Court of the Western District of Washington, Haselton v. Quicken Loans, Inc, (2010 WL 1180353, March 23, 2010) is informative on this issue. Plaintiff Haselton hosts hosts websites and provides programs that allow Internet users to circmumvent Internet blocking software and access blocked Internet content. The decision does not elaborate greatly on the Defendants’ business, but suffice it to say it involves sending unsolicited email messages.

The court relied on a 9th Circuit decision from 2009 (Gordon v. Virtumundo, Inc., 575 F.3d 1040, 9th Cir. 2009) which also dealt with the standing issue. The Act is intended to provide only a limited cause of action to a limited array of potential plaintiffs.

In Gordon, the Plaintiff did not control the hardware and relied on a third party for his internet access. Further, Gordon had purposefully avoided using even minimal efforts to reduce the level of spam messages. In this case, the Court found that Haselton had only a “nominal role” in providing Internet access services, and further made no effort to prevent the reception of spam emails. So, this Court held Haselton was not the provider of a bona fide Internet access service.

The Court also held that Haselton did not have standing because he was not adversely affected by a violation of the Act. While Haselton claimed reduced system performance and increased server costs, the fact that he had not taken any effort to implement a spam filter cut against any such complaints. As a result, the Court entered partial summary judgment for Defendants on the issue of the CAN-SPAM act due to this lack of standing. I understand that Plaintiff’s claims under Washington state law will still proceed.

Recent “Phishing” conviction in California

A California man was recently convicted of a “phishing” scam.  Specifically, Mr. Goodin’s conviction is based upon violations of the CAN-SPAM act (15 U.S.C. §§ 7701 et seq.), as well as 10 additional counts, including wire fraud, misuse of the AOL trademark, and attempted witness harassment.

The article here at Mercury News makes a big deal of his conviction under the CAN-SPAM act, as it is the first in the country.  However, it really is notable as a phishing conviction, it’s just that the scheme was operated by sending out spam.  The spam consisted of “phishing” emails that appeared to be coming from AOL’s billing department.  He succeeded in convincing AOL members that they needed to resubmit their billing information at his site that the misleading messages directed users towards.

According to the article, sentencing will be in June.  He faces up to 101 years on all counts.