Michael McNulty, 52, is with the Lewis & Roca law firm. His two areas of expertise are water law and intellectual property/software licensing law. It's that latter field that we recently talked about, and specifically, we discussed one matter: the out-of-control spam problem. McNulty has been with Lewis & Roca for two years. A Southern Arizona native, he grew up in Bisbee. After graduating from Bisbee High School, he attended Yale University. He returned to Tucson to go to law school, and then went back east to work for Rep. Mo Udall for a while before returning to the Old Pueblo. Here's what he had to say about law and the spam situation. Be warned: It's depressing.
So, what's the latest in terms of spam laws?
The famous CAN-SPAM law (Controlling the Assault of Non-Solicited Pornography and Marketing Act) was recently passed by Congress. It is the first time the federal government made it a crime to take certain actions regarding sending spam to innocent computer users. It can result in a fine of $250 per e-mail, and (it made certain actions) criminal acts that can put (spammers) in jail.
What exactly makes spam a crime?
For one thing, intentionally sending spam from a computer that you don't have permission to use. When a Trojan horse gets installed on a computer, that's now a federal crime. Also, materially falsifying header information (is illegal). A lot of people will look at the headers to find out the assholes who are sending spam, and often, they'll find that the info in there doesn't help at all. And if you use a computer to relay commercial e-mail through another computer to intentionally deceive, that is now a crime, too.
What's the possible criminal penalty?
Six months (in prison) and up.
How does this law apply to the regular e-mail user who's getting a gazillion spam messages a day now?
Well, if you were asking me about how to send (e-mail) ads legally, I could give you a lot of guidance. But to the people who are getting the spam, I have very little comfort to provide. If you send (the spam) to the FBI, it's not exactly going to go to the top of their to-do list. The Federal Communications Commission may be more interested, but they're prioritizing their efforts. Normally for the people who are getting one or two spams at a time, they won't be interested. They're looking for the big shops who do a million spams a day. My guess is, they're going to work with the big Internet service providers to identify where this stuff is coming from.
Will this law do any good?
Considering the world in which I live, I am skeptical, because so much (spam) is coming from other countries, where the United States has no jurisdiction. My guess is 70 percent comes from other countries. As the FCC's prosecutions get stronger, they'll push all of it offshore. ... If you're an e-mail user, get a spam filter. That's all I can tell people.
Some of the spam e-mails have a link or an address to use to unsubscribe. Does that work?
That's a great question. Allow me to answer that in a roundabout way. If you're sending out an advertisement, you're required to put in one of those opt-out messages. And if you request to be taken off the list, they have to take you off. But for people who are sending spam and who are out of reach of the law, what will they do? There's a lesson to be learned: Spammers are able to calibrate e-mail lists. When they dupe people into using the opt-out function, that confirms that it's a live e-mail address. And that (knowing which e-mail addresses are valid) makes the e-mail lists more valuable. Thus, by using opt out, not only do you not stop the spam; you possibly make it worse. Personally, I never opt out of a list.
Well, that sucks.
Yeah, it's terrible. I recently read an article about Bill Gates saying Microsoft is not gonna take it anymore, and that they're going to find a way to stop spam. I wish them luck.
Any other advice you have for people, other than to get a spam filter?
Well, there's one thing. I was rooting for a provision originally in the CAN-SPAM legislation that allowed all individual users to sue spammers and collect attorney's fees. That's not how I would want to spend my time, but I am sure there are lawyers out there who would be willing to take on such a thing on a contingency-fee basis. They could go after the spammers and seize their assets. But lawmakers took that provision out, and the only people who can act against or sue spammers are the Internet service providers and the government. Well, I would say this: Not many people lobby congressmen, but maybe the law should be expanded to (allow individuals to sue), so legal vigilantes can enter the playing field.