E - Commerce tax Policy Project

Main LogoBloch Logo

Internet Privacy



CAN SPAM Preemption - The Role of State Law after Can Spam Preemption


Project Genesis

  • In May, 2005, 33 telemarketing firms sought a decision from the FCC that the Telephone Consumer Protection Act (TCPA) preempts state do not call regulations.
  • Petition focuses on state “existing business relationship” exceptions (or lack thereof) to do not call mandates.
  • FTC regulations instituting federal do not call list expressly permit continued state regulation. FCC conformed its regs. under TCPA to FTC do not call system.
  • FCC petition still pending.

Federal CAN-SPAM Act

  • Controlling the Assault of Non-Solicited Pornography and Marketing Act (despite “porn” reference, the Act applies to all commercial email).
  • Mandates notice for consumers to opt-out.
  • Prohibits false subject headings and transmission paths.
  • Provides for blocking and private actions by internet service providers.
  • No private cause of action for harm to recipients.
  • Enforced by FTC.
  • Preempts state laws with stricter mandates (e.g. ADV vs. “clear and conspicuous” header). Widely criticized.
  • Retains state claims for false, deceptive and misleading messages.
  • Permits state tort claims.
  • Uncertain status for state claims for truthful, but unwanted messages (e.g. after opting out).


State Anti-Spam Actions

  • Maryland CLE v. First Choice Internet; Beyond Systems, Inc. v. Keynetics, Inc. (MD Statute); Asis Internet v. Optin Global (CA statute); Gordon v. Impulse Marketing (individual recipient, not ISP, WA statute); State v.Heckel (WA statute, pre-CAN-SPAM).
  • All rejected defense claims of implied preemption/undue burdens on interstate commerce.
  • All upheld courts’ jurisdiction over out-of-state defendants.


White Buffalo v. U of Texas

  • UT blocked truthful emails to any UT email holder from White Buffalo based on University anti-solicitation rule.
  • Is the rule a state anti-spam law that CAN-SPAM preempts?
  • Yes, but UT is an ISP and CAN-SPAM permits ISP blocking.
  • Presumption AGAINST preemption applied to uphold UT action.
  • Once state is blocking truthful ads, free speech issues arise.
  • Commercial speech Regulation must serve a substantial state interest : email user and system efficiency.
  • Email blocking must be directly related to accomplishing the state interests.


Effect of CAN-SPAM & Preemption?

  • CAN-SPAM targets deceptive and misleading email ads. All state claims (individual recipients’ and ISP’s) remain intact and state courts can get jurisdiction.
  • CAN-SPAM permits truthful unwanted email ads with little constraint.
  • ISPs are empowered to block, including state-operated systems.


An Analysis of Spyware Enforcement Actions in Pursuit of Sound Internet Advertising Policy


Marketing Model using “Spyware”

  • Clients seeking to advertise on the internet (or their ad agencies) hire Claria, WhenU, 180Solutions (adware vendors).
  • Adware vendors use numerous “affiliates” to place clients’ ad in free downloads such as games, toolbars, cursors, clip art, screensavers. (Chien 2005). 
  • Affiliates are paid per “impression.”
  • Exposure frequency enhances brand (Briggs and Hollis 1997; Broussard 2000; Drèze and Hussherr 2003).
  • Click through is not the only objective of internet ads (Chun-Yao and Chen-Shun 2006).
  • Ads make desired software cheap or free for public.


Problems with Spyware

  • Pop Ups and Banners frustrate internet browsing;
  • Ads can’t be closed. Computers have to be restarted.
  • Can’t be easily removed; Reinstall.
  • Homepage and other settings get reset to vendors’ pages.
  • Private information may be exposed.
  • Costly cleanup.



  • Considerable debate on what constitutes “spyware” versus “adware.” (Sun 2007; Boldt and Carlsson 2006; FTC Public Workshop 2004).
  • Many mainstream US companies advertise using downloaded ad-generating software (Edelman 2007).
  • US companies profit on the sale of advertising using downloaded software, despite intense regulatory scrutiny. (Elgin 2004; Newitz 2005; Cheng, 2005). 


Behaviors Prosecuted in Spyware Cases



Drive-By &
Downloaded Anti-Spyware
Enternet Media, et al., (2005) ($2M fine in 2006)
ERG Ventures (2007).
Enternet Media.
Odysseus Marketing, Inc., (2005)
ERG Ventures (2007).
Seismic Entertainment (2006)
Odysseus Marketing
ERG Ventures (2007).
Trustsoft, Inc. 2005 (“Spykiller”) $1.9M
MaxTheater, Inc. (“Spyware Assassin”) $76K
Direct Revenue 2006
(“100% Spyware Free”)
Intermix Media, Inc. (2005)
$7.5M fine 2006.  CEO = $750K
Direct Revenue 2007.
Intermix Media






Secure Computer 2006, $1M.


  • Federal and Washington prosecution.
  • Downloaded subscription service.
  • Download Manager provided access to news, sports, games, adult content.
  • “Anonymous Negative Option.”
  • Download Manager also included billing software.
  • Billing program made false statements about customers’ obligation to pay and legal consequences.
  • Harassing 40-second video played hourly. 


Movieland.com Outcome
  • FTC settlement = $501K; Washington = $50K.
  • Subscriber service can continue, but not anonymous.
  • Billing software can be downloaded, with proper notice.
  • Websites must provide uninstall instructions.


Conclusions & Recommendations
  • Federal legislation should define spyware based on harms reflected in cases
  • Federal law should establish a meaningful notice protocol. (Edelman 2004; Good 2006).
  • State enforcement of consistent rules should be permitted.
  • FTC should have authority to keep create rules that keep up with changing tech. harms.




© 2008 Larry Garrison & Rita Marie Cain