CAN of Worms?: New Decision Opens CAN-SPAM Private Right of Action to Non-ISPs

Posted on November 6, 2008 by Proskauer Rose LLP

 

A recent decision in the Western District of Washington broadly defines the reach of the private right of action under the federal CAN-SPAM statute. In that case, Haselton v. Quicken Loans Inc., W.D. Wash., C-07-1777, 10/14/08, the court held that a company had standing to sue alleged spammers even though it is not an Internet service provider (ISP) and does not provide e-mail accounts to its customers.

 

Plaintiff Peacefire’s website allows its users to circumvent website filtering and content-control software. Peacefire successfully argued that it is an “Internet access service” (IAS) within the protection of CAN-SPAM. CAN-SPAM uses the COPPA definition of IAS: “a service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers. Such term does not include telecommunications services.” 47 U.S.C. § 231(e)(4); 15 U.S.C. § 7702(11). Defendants unsuccessfully argued that only ISPs have standing to sue as IASs. The court rejected that argument, holding that Peacefire qualifies as an IAS because it provides “further access” to the Internet, even though it does not provide consumers with an initial connection point as an ISP. The plain language of this definition, according to the court, does not require an IAS to provide Internet connectivity to end users.

 

In holding that Peacefire is an IAS, the court relied in part on previous rulings, such as the one we discussed here, that social networking sites such as Facebook and MySpace are IASs even though they are not ISPs.

 

The court also held that Peacefire was “adversely affected” by the alleged spamming activity even though it does not provide consumer e-mail accounts. The court agreed that the alleged harms, “reduc[ing] their network speeds, impair[ing] their ability to notify subscribers about new ways to access services, and requir[ing] them to increase server and memory capacity,” were cognizable under CAN-SPAM. The court recognized that CAN-SPAM’s legislative history contemplated precisely these kinds of harms, in addition to the harm caused to individual e-mail account holders.

 

The Haselton ruling clarifies that potential CAN-SPAM plaintiffs extend beyond ISPs. While the court recognized that a private right of action requires greater harm than the spam-related harms suffered by all consumers and businesses, it defined the range of harms broadly enough to allow a wide range of IASs to qualify.
Tags: , , , , , , , ,

Ninth Circuit Applies Pen Register and Mail Principles to Warrantless Monitoring of Internet Traffic

Posted on July 26, 2007 by Proskauer Rose LLP

In a novel case, the Ninth Circuit ruled on July 6, as amended July 25, that government surveillance of Internet Protocol (“IP”) addresses visited, to/from addresses of emails, and the total volume of information sent to or from an email account does not violate the Fourth Amendment. United States v. Forrester, No. 05-50410, -- F.3d -- (9th Cir. July 6, 2007). The ruling does not affect the requirement that the government obtain a search warrant before searching the actual content of that Internet traffic. 

The defendant in United States v. Forrester, Dennis Louis Alba, was charged and convicted of various federal offenses relating to the operation of an Ecstasy-manufacturing laboratory. During the government’s investigation of Alba, it installed a device on Alba’s computer that gathered the IP addresses of the websites he visited, the to/from addresses of his emails, and the total volume of information sent to or from his email account. In his appeal, Alba contended that the surveillance constituted a warrantless search in violation of the Fourth Amendment and fell outside of the then-applicable pen register statute. The Ninth Circuit addressed the merits of Alba’s first contention, but found it unnecessary to address the second.  

The Ninth Circuit applied the Supreme Court’s analysis in Smith v. Maryland, 442 U.S. 735 (1979), in which the Court held that a pen register does not constitute a Fourth Amendment search. The Court so held because pen registers merely track phone numbers dialed and do not reveal the actual contents of conversations. Cf. Katz v. United States, 289 U.S. 347 (1967) (holding that one can have legitimate expectation of privacy in the contents of one’s phone conversations).  The Ninth Circuit reasoned that the government’s surveillance of Alba’s activity was “constitutionally indistinguishable” from surveillance via a pen register because accessing IP addresses involves the transmission and receipt of a unique identifier, which does not reveal actual content, via the third-party equipment of an internet service provider.  An Internet user therefore does not have a legitimate expectation of privacy in the IP addresses he or she accesses.

For the same reasons, the court found that surveillance without a judicial warrant of the senders and recipients of Alba’s e-mail and the volume of information flowing through his e-mail account did not violate the Fourth Amendment. The court also analogized to physical mail: the government may, without a warrant, note the addresses on the outsides of envelopes and the volume of mail sent to and from a particular address.   

Interestingly, the Ninth Circuit opined that unwarranted surveillance of another form of webpage identification, the uniform resource locator (URL), could pose Fourth Amendment problems. URLs identify particular documents within a website and often contain the search terms a user might employ to find that particular document. Surveillance of URLs therefore is more likely to reveal the content of communications than surveillance of IP addresses and is more likely to violate Katz.
Tags: , , ,