The junk e-mail blues

Two years ago, Virginia passed a law that its authors claimed would end unwanted junk e-mail. In a June 28, 1999, column in this magazine, I explained how the new law merely reiterated the prior law as developed by the courts and would have no impact.

Two years later, junk e-mail is more prevalent than ever.

The problem is the system's reliance on Internet service providers to write and enforce the rules. This might be sufficient if ISPs were activists, aggressively policing their users' rights to privacy. But generally they aren't.

To understand the issue better, it is important to distinguish between two different, but sometimes related, problems: "spamming" and "spoofing." Spamming is sending unsolicited bulk e-mail; spoofing is using a fabricated electronic return address to misrepresent the sender's identity.

The courts have uniformly found that spoofing is a form of fraud. As one court observed in State of New York v. Lipsitz, fraud in the "rarified air of cyberspace" is just like any other fraud. Anyone injured by spoofing can seek relief from the perpetrator. Thus, spoofing is generally controlled.

Not so with spamming. The courts have done nothing to protect the rights of individual users from junk e-mail. The closest they have come is to enforce restrictions sometimes imposed by ISPs on access to their systems.

As I noted two years ago, the 1999 Virginia law made it illegal "to transmit unsolicited bulk electronic mail in contravention of the authority granted by or in violation of the policies set by the electronic mail service provider." But that was already the rule.

The statute left spam in the hands of the ISPs, many of which don't care to protect their users' privacy. As a result, spamming is more common than ever.

More power needs to be placed in the hands of individual users. Today, it is almost impossible to do anything on the Internet without providing an e-mail address. Too often, this information is shared with other businesses for use in spamming. So-called "opt-out" rules, under which a consumer can request that the e-mail address not be shared with others, are too cumbersome to help.

Unfortunately, a new court decision may worsen the problem. In a case involving the federal Electronic Communications Privacy Act, a court in New York ruled that the law's references to the "user" was intended to identify the ISPs and not the end users of the Internet. The court dismissed a consumer complaint that the cookie-exchange practices implemented by DoubleClick Inc. and its customers to force banner advertisements onto consumers' computers violated their privacy rights.

There is no socially redeeming value in sending someone unsolicited bulk e-mail. But it won't stop until Congress or state legislatures pass real laws giving individuals clearly enforceable rights to demand that it stop.

Peckinpaugh is corporate counsel for DynCorp in Reston, Va. This column represents his personal views.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.