Header graphic for print
Privacy Law Blog

CAN of Worms?: New Decision Opens CAN-SPAM Private Right of Action to Non-ISPs

Posted in CAN-SPAM

 

A recent decision in the Western District of Washington broadly defines the reach of the private right of action under the federal CAN-SPAM statute. In that case, Haselton v. Quicken Loans Inc., W.D. Wash., C-07-1777, 10/14/08, the court held that a company had standing to sue alleged spammers even though it is not an Internet service provider (ISP) and does not provide e-mail accounts to its customers.

 

Plaintiff Peacefire’s website allows its users to circumvent website filtering and content-control software. Peacefire successfully argued that it is an “Internet access service” (IAS) within the protection of CAN-SPAM. CAN-SPAM uses the COPPA definition of IAS: “a service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers. Such term does not include telecommunications services.” 47 U.S.C. § 231(e)(4); 15 U.S.C. § 7702(11). Defendants unsuccessfully argued that only ISPs have standing to sue as IASs. The court rejected that argument, holding that Peacefire qualifies as an IAS because it provides “further access” to the Internet, even though it does not provide consumers with an initial connection point as an ISP. The plain language of this definition, according to the court, does not require an IAS to provide Internet connectivity to end users.

 

In holding that Peacefire is an IAS, the court relied in part on previous rulings, such as the one we discussed here, that social networking sites such as Facebook and MySpace are IASs even though they are not ISPs.

 

The court also held that Peacefire was “adversely affected” by the alleged spamming activity even though it does not provide consumer e-mail accounts. The court agreed that the alleged harms, “reduc[ing] their network speeds, impair[ing] their ability to notify subscribers about new ways to access services, and requir[ing] them to increase server and memory capacity,” were cognizable under CAN-SPAM. The court recognized that CAN-SPAM’s legislative history contemplated precisely these kinds of harms, in addition to the harm caused to individual e-mail account holders.

 

The Haselton ruling clarifies that potential CAN-SPAM plaintiffs extend beyond ISPs. While the court recognized that a private right of action requires greater harm than the spam-related harms suffered by all consumers and businesses, it defined the range of harms broadly enough to allow a wide range of IASs to qualify.