FTC, FCC Seek Public Comment on CAN-SPAM

The FTC and the FCC have each recently announced requests for public comment on issues related to the newly-enacted CAN-SPAM Act, Pub. L. No. 108-187, available at http://www.spamlaws.com/federal/108s877.html, which took effect on January 1, 2004. The CAN-SPAM Act sets national standards for unsolicited commercial e-mail, or "spam." To accomplish its purposes, the Act imposes various requirements on those who initiate commercial e-mail messages. Under the Act, those who send deceptive or misleading commercial e-mail messages may be subject to both civil and criminal penalties.

The Act applies to e-mail messages whose "primary purpose" is to advertise or promote a commercial product or service. Id. § 3(2)(A). The FTC is required under the Act to engage in a rulemaking defining the criteria that will be used to determine the primary purpose of an e-mail message. In a March 11 Advance Notice of Proposed Rulemaking ("ANPR"), the FTC requests public comment on the "primary purpose" criteria, as well as on issues that pertain to four areas in which the FTC has discretionary rulemaking authority and, finally, on certain reports that the FTC must submit to Congress. See Definitions, Implementation, and Reporting Requirements Under the CAN-SPAM Act, 69 Fed. Reg. 11,776 (Mar. 11, 2004) (to be codified at 16 C.F.R. pt. 316).¹

While the FTC has primary rulemaking and enforcement authority under the CAN-SPAM Act, the Act also instructs the FCC to work together with the FTC to devise rules restricting unsolicited commercial e-mail messages that are transmitted to wireless devices such as cell phones. See Pub. L. No. 108-187, § 14. The FCC has adopted its own Notice of Proposed Rulemaking ("NPRM") in order to address this issue. See Rules and Regulations Implementing the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003; Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, 69 Fed. Reg. 16,873 (Mar. 31, 2004) (to be codified at 47 C.F.R. pt. 64) [hereinafter FCC NPRM];² see also Press Release, FCC, FCC Seeks Comment on Rules To Eliminate Spam from Mobile Phones (Mar. 11, 2004), available at http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-244843A1.doc. The FCC is primarily interested in receiving comments on how to ensure that senders are able to determine which messages are mobile service commercial messages, and on how to resolve various issues related to the Act's requirement that mobile service subscribers be able to avoid receiving those messages for which they have not given express prior authorization.

FTC Rulemaking

Establishing the "Primary Purpose Criteria"

Since the CAN-SPAM Act generally applies only to messages whose "primary purpose" is commercial, see Pub. L. No. 108-187, § 3(2)(A), the FTC's regulatory definition of "primary purpose" will be central to establishing the scope of the Act. In its ANPR, the FTC offers several possible interpretations of the term “primary purpose.” The term could be read to mean, for example, that an e-mail’s commercial purpose predominates over all of the e-mail’s other purposes combined, that the commercial purpose predominates over any single one of the e-mail’s other purposes, or that the "net impression" created by the e-mail as a whole is commercial. The public is invited to comment on these and other possible interpretations, or to offer other criteria for determining whether the primary purpose of an e-mail is commercial. See Definitions, Implementation, and Reporting Requirements Under the CAN-SPAM Act, 69 Fed. Reg. at 11,779-80.

Defining "Transactional or Relationship Messages"

The Act exempts so-called "transactional or relationship messages" from its provisions. This category of messages includes those messages whose primary purpose is to facilitate, complete or confirm an agreed-upon transaction; to provide warranty, recall or safety information about a product that has already been purchased; to provide certain types of information concerning an ongoing commercial relationship between the sender and the recipient; to provide information on an employment relationship or a related benefit plan in which the recipient participates; or to deliver goods or services to which the recipient is entitled under the terms of a prior transaction. See Pub. L. No. 108-187, § 3(17)(A). The Act gives the FTC discretionary authority to modify the definitions of "transactional or relationship messages," and the FTC is seeking comment on whether and how it should exercise this authority.

The FTC is particularly interested in receiving comments concerning how evolutions in technology or practices may necessitate modifications to the definitions of "transactional or relationship messages." See Definitions, Implementation, and Reporting Requirements Under the CAN-SPAM Act, 69 Fed. Reg. at 11,777.

Modifying the Ten-Day Period for Processing Opt-Out Requests

The CAN-SPAM Act permits e-mail recipients to opt out of further e-mail communications from the sender, and requires senders to honor such requests. See Pub. L. No. 108-187, § 5(a)(4). At present, the Act allows senders ten business days to process opt-out requests, but permits the FTC to modify this time period. The FTC is now requesting public comment on whether this ten-business-day period is reasonable or whether, considering the interest in providing an opt-out option, the interests of spam recipients, and the burdens imposed on those who send lawful commercial e-mail, a time period of a different length would be more reasonable.

The FTC would like to receive comments on, among other things, the procedures involved in removing an e-mail address from a sender’s directory; any impediments to or burdens or benefits of requiring that e-mail addresses be removed within a time period shorter than ten business days; the costs to senders of removing an e-mail address from their directory, as well as the costs to recipients during the ten-business-day period before an opt-out request is effectuated; the average length of time in which opt-out requests are currently processed; the current industry standard on the time frame for processing opt-out requests; and the manner in which the size and structure of a sender’s business and the use of third party e-mailers affect the time required to process opt-out requests. See Definitions, Implementation, and Reporting Requirements Under the CAN-SPAM Act, 69 Fed. Reg. at 11,780-81.

Augmenting the List of Aggravated Violations

The Act establishes a category of "aggravated violations" and provides for significant amounts of additional damages for those who engage in an aggravated violation while simultaneously violating another of the Act’s provisions. See Pub. L. No. 108-187, §§ 7(f)(3)(C), (g)(3)(C). Activities currently identified as aggravated violations in the Act include harvesting e-mail addresses from Internet websites and engaging in "dictionary" attacks, whereby automated means of deriving character combinations are used to generate possible e-mail addresses. See id. § 5(b).

The FTC is permitted to expand upon this list of aggravated violations. The Commission is seeking comment on whether it should do so and, if so, what specific activities should be labeled "aggravated." Of particular interest to the Commission is the advent of any new technologies that could contribute significantly to the proliferation of unlawful commercial e-mail. See Definitions, Implementation, and Reporting Requirements Under the CAN-SPAM Act, 69 Fed. Reg. at 11,781.

Issuing Additional Regulations

The FTC is also soliciting public comment on whether it would be useful to develop additional regulations clarifying certain aspects of the Act. Specifically, the Commission would like to receive comments on whether it should address "forward-to-a-friend" scenarios, in which recipients are invited to forward a message to others; clarify the legal obligations of senders that jointly send a single e-mail; define what types of addresses satisfy section 5(a)(5)(A)(iii)’s requirement that commercial e-mails include "a valid physical postal address of the sender," including by determining whether post office boxes or commercial mail drops are sufficient; and, finally, elaborate upon section 5(a)(1)(B) of the Act, which states that an e-mail bearing a "from" line that accurately identifies the sender will not be considered false or misleading. With regard to the latter issue, the FTC has asked whether senders should be required to identify themselves by name in the "from" line.

The FTC has also asked whether it should clarify the legal obligations of those who are jointly involved in sending a single e-mail. In the example given by the FTC, such a scenario would occur when an e-mail promoting an event includes advertisements from companies sponsoring the event. The FTC would like to receive comment upon whether multiple parties could simultaneously be considered the “sender” of such an e-mail. In its ANPR, the FTC notes that the Act appears to allow for more than one party to be treated as the sender of an e-mail. The FTC seeks input on how to determine who is the sender, as well as on the costs and burdens on companies if several of them are deemed to be senders, and the costs and burdens on consumers if only the entity that originates the e-mail is considered to be the sender. A further, related question is whether such a message may be sent to a recipient who has opted out of receiving e-mails from a party who has placed an advertisement in the message. See Definitions, Implementation, and Reporting Requirements Under the CAN-SPAM Act, 69 Fed. Reg. at 11,778, 11,781.

Commenters are invited to propose any additional areas in which regulations are needed to aid in interpreting or achieving compliance with the Act. See id.

Receiving Input on Reports to Congress

The Act requires the FTC to submit several reports to Congress on the issue of spam. The FTC has requested public comment on reports pertaining to the creation of a nationwide "Do Not E-Mail" Registry, the establishment of a reward system for those who offer information on violations of the Act, the development of a plan for requiring that commercial e-mail be identifiable as commercial in nature from the information contained in the subject line, and an assessment of the effectiveness of the Act.

The Commission's report on the "Do Not E-Mail Registry" must include information about the practicality, technical feasibility, and enforceability of such a registry, as well as information about potential privacy concerns. See Pub. L. No. 108-187, § 9(a). The FTC is seeking public input on these and other aspects of the prospective registry, including information on the costs and benefits associated with such a registry. See Definitions, Implementation, and Reporting Requirements Under the CAN-SPAM Act, 69 Fed. Reg. at 11,778, 11,781-82.

In its report on developing a reward system for informants, the Commission must include procedures for granting rewards and for minimizing the burden of filing complaints about CAN-SPAM Act violations, including procedures for submitting electronic complaints. See Pub. L. No. 108-187, § 11(1). The public is invited to offer its comments in order to assist the FTC in producing this report. See Definitions, Implementation, and Reporting Requirements Under the CAN-SPAM Act, 69 Fed. Reg. at 11,782.

With regard to the FTC’s report on labeling e-mails such that they are identifiable as commercial from their subject line, see Pub. L. No. 108-187, § 11(2), the FTC is seeking comment on the feasibility, costs and benefits of this labeling requirement, as well as on the best means of implementing the requirement. In its ANPR, the FTC inquires whether senders of commercial e-mail should be required to use the label "ADV," and requests comment on the experiences of U.S. states in enforcing such a requirement. See Definitions, Implementation, and Reporting Requirements Under the CAN-SPAM Act, 69 Fed. Reg. at 11,782.

An assessment of the effectiveness and enforcement of the Act is required by section 10. The FTC has requested comment on the effect of technological and marketplace developments on the Act, recommendations for addressing situations in which e-mail originates in or is transmitted through or to facilities in foreign nations, and recommendations for protecting consumers from obscene or pornographic e-mails. See id.

Comments on the prospective "Do Not E-Mail Registry" were due on March 31, 2004. All other comments in response to the FTC's ANPR must be submitted by April 20, 2004. Commenters may file their comments in paper form with the FTC itself, or may instead submit comments electronically at www.regulations.gov.

FCC Rulemaking

In an NPRM adopted March 11 and published in the Federal Register March 31, the FCC requests comment on how to protect consumers and businesses from receiving unsolicited commercial e-mail messages on wireless devices such as cell phones. See FCC NPRM, 69 Fed. Reg. at 16,873-74.³

The FCC is seeking comment on several specific issues related to mobile service commercial messages. For example, the FCC would like to receive public input on the ability of senders to ascertain whether a particular message is in fact a mobile service commercial message, and on methods for assisting senders in making such a determination. The FCC proposes to interpret the Act’s definition of mobile service commercial messages to include "all messages transmitted to an electronic mail address provided by a CMRS [commercial mobile service] provider for delivery to the addressee subscriber’s wireless device irrespective of the transmission technique." FCC NPRM, 69 Fed. Reg. at 16,876. The FCC believes that this definition should exclude messages that are normally accessed by a personal computer, but that are forwarded to a wireless device by a mobile service subscriber. See id. If the definition were to instead include messages forwarded by subscribers in this manner, the FCC seeks comment on how senders would be able to ascertain that they were in fact sending a mobile service commercial message. See id.
The NPRM also suggests various technical and other means of enabling senders to recognize a destination address as belonging to a wireless device, and asks for comment upon these alternatives. See id. at 16,877-78. The alternatives range from establishing a registry of mobile service subscriber addresses to requiring the use of specific top-level and second-level domains for mobile messaging services. See id.

Comment is also sought on how the FCC may enable mobile service subscribers to avoid receiving messages without their express prior consent. The FCC favors requiring subscribers to take some affirmative action indicating their desire not to receive such messages, rather than prohibiting the transmission of all mobile service commercial messages except where a subscriber has given its consent to the individual sender in question. See id. at 16,876-79. Subscribers could take affirmative action by, for example, electing against receiving mobile service commercial messages at the time they subscribe to the mobile service. The FCC has also requested public input on technical mechanisms that would allow wireless subscribers to voluntarily protect themselves from unwanted messages sent by those who fail to comply with the CAN-SPAM Act. See id. at 16,877.

Section 14(b)(2) of the Act requires that subscribers be permitted to indicate electronically their desire not to receive messages from particular senders. The FCC seeks comment on the various possibilities for providing such an option, including perhaps by enabling senders to enter a code into their wireless devices that would block unwanted messages. See id. at 16,879. Another important issue on which the FCC seeks comment is whether wireless providers should be permitted to send commercial messages to their subscribers without obtaining express prior authorization. See id. Finally, taking into consideration the technical limitations associated with wireless devices, the FCC has inquired how it may ensure that senders who have obtained consumers’ consent to receive messages are able to comply with the Act’s requirements regarding message formatting and content. Of particular concern is how senders will be able to include in their messages all of the information required by the Act, given the limitations that wireless devices often impose on message length. See id. at 16,879-80.

Comments regarding the FCC’s mobile service commercial messages rulemaking must be submitted by April 30, 2004. The FCC accepts comments in paper form as well as those submitted via the FCC’s Electronic Comment Filing System at http://www.fcc.gov/cgb/ecfs/.