The junk e-mail blues

Two years ago, Virginia passed a law that its authors claimed would end unwanted junk e-mail. In a June 28, 1999, column in this magazine, I explained how the new law merely reiterated the prior law as developed by the courts and would have no impact.

Two years later, junk e-mail is more prevalent than ever.

The problem is the system's reliance on Internet service providers to write and enforce the rules. This might be sufficient if ISPs were activists, aggressively policing their users' rights to privacy. But generally they aren't.

To understand the issue better, it is important to distinguish between two different, but sometimes related, problems: "spamming" and "spoofing." Spamming is sending unsolicited bulk e-mail; spoofing is using a fabricated electronic return address to misrepresent the sender's identity.

The courts have uniformly found that spoofing is a form of fraud. As one court observed in State of New York v. Lipsitz, fraud in the "rarified air of cyberspace" is just like any other fraud. Anyone injured by spoofing can seek relief from the perpetrator. Thus, spoofing is generally controlled.

Not so with spamming. The courts have done nothing to protect the rights of individual users from junk e-mail. The closest they have come is to enforce restrictions sometimes imposed by ISPs on access to their systems.

As I noted two years ago, the 1999 Virginia law made it illegal "to transmit unsolicited bulk electronic mail in contravention of the authority granted by or in violation of the policies set by the electronic mail service provider." But that was already the rule.

The statute left spam in the hands of the ISPs, many of which don't care to protect their users' privacy. As a result, spamming is more common than ever.

More power needs to be placed in the hands of individual users. Today, it is almost impossible to do anything on the Internet without providing an e-mail address. Too often, this information is shared with other businesses for use in spamming. So-called "opt-out" rules, under which a consumer can request that the e-mail address not be shared with others, are too cumbersome to help.

Unfortunately, a new court decision may worsen the problem. In a case involving the federal Electronic Communications Privacy Act, a court in New York ruled that the law's references to the "user" was intended to identify the ISPs and not the end users of the Internet. The court dismissed a consumer complaint that the cookie-exchange practices implemented by DoubleClick Inc. and its customers to force banner advertisements onto consumers' computers violated their privacy rights.

There is no socially redeeming value in sending someone unsolicited bulk e-mail. But it won't stop until Congress or state legislatures pass real laws giving individuals clearly enforceable rights to demand that it stop.

Peckinpaugh is corporate counsel for DynCorp in Reston, Va. This column represents his personal views.