Citizens Cannot Use CAN-Spam to Sue Spammers: District Court Rejects Appeal
When a lawyer thinks about test cases, usually the main considerations revolve around the makeup of the plaintiff and the defendant. Lawyers want to put the white hat on the plaintiff and the black hat on the defendant. With the CAN-Spam Act, that consideration is fairly straightforward: pick a spammer for a defendant and someone who’s inbox is bursting with more Viagra and laser printer toner ads and important career information that will make you look three inches taller than a newspaper recycling bin brimming with the Sunday paper leftovers. But a word of caution here: the CAN-Spam Act’s private enforcement provisions are limited to “Internet access service” providers (like Comcast, Cox, AT&T), not you and me as individuals.
Still, not an impossible task. Round up some exemplarly emails and ask the big guys to file suit. It has already happened – MySpace won a $230 million victory against spammers who sent 730,000 emails, but reportedly hasn’t collected on the judgment. One spammer was convicted of felony spamming, sentenced to nine years in jail, but was later allowed by the Virigina Supreme Court to challenge the constitutionality of the statute.
Nevertheless, the United States continues to be the target of almost 30% of the world’s spam. If you have any doubt, look in your inbox. But I’m getting off track. We’re still looking for a white-hat plaintiff to file suit against spammers.
Enter Jim Gordon, who owned gordonworks.com and got too much spam. To put an end to it, Gordon sought $10 million from two companies, Virtumundo, Inc. and Adknowledge, Inc. as well as their sole shareholder, Scott Lynn, who the court called “in modern parlance, spammers.” Gordon filed suit under the federal CAN-Spam Act after collecting thousands of unsolicited bulk emails as evidence that Virtumundo was a spammer of the worst kind.
The federal District Court for the Western District of Washington granted summary judgment to Virtumundo earlier this year ruling that Gordon had not suffered “adverse effects” within the meaning of CAN-Spam. Yep, he lost, but then appealed.
The Ninth Circuit just rejected an appeal from Gordon, upholding the lower court’s decision and fing that Gordon was not an “Internet access service” provider, and therefore did not have standing to sue. Ninth Circuit Judge Richard Tallman wrote:
[O]ur review of the congressional record reveals a legitimate concern that the private right of action be circumscribed and confined to a narrow group of private plaintiffs. [T]his demonstrates to us that lawmakers were wary of the possibility, if not the likelihood, that the siren song of substantial statutory damages would entice opportunistic plaintiffs to join the fray, which would lead to undesirable results. While Congress did not intend that standing be limited to fee-for-service operations, we think it did intend to exclude plaintiffs who, despite certain identifying characteristics, did not provide the actual, bona fide service of a legitimate operation.
Finally, the Court noted:
It matters not that [Gordon] entered the keystrokes or clicked the mouse. Nor is it relevant that he created gordonworks.com e-mail addresses for family and friends, and not merely himself. While Verizon and GoDaddy might have a compelling argument that they are IAS providers within the meaning of the CAN-SPAM Act, Gordon’s claim that he holds such elite status is unconvincing.
And with that, the Court ruled against Jim Gordon and all private users of the Internet to attack spam through the CAN-Spam Act. Oh look, I just got another email. How about that? I can lose a pound a day on this diet!!!
[thanks to dok1 and j. craig williams via cc]
NextBus Information Systems v Routesy: iPhone Apps and Public Data Usage Debate
Steven Peterson, a web developer in San Francisco, put together a handy iPhone app called Routesy that gives schedules and arrival times for Muni, the city’s public transit system. The underlying data is collected by a company called NextBus, which puts trackers on the various vehicles. Generativity at its best—the government releases some data, people turn the data into something useful.
Then a guy named Peter Orloff emailed Peterson to say that he was from NextBus Information Systems, he had all the data copyrighted, and Peterson would have to arrange some sort of revenue split if he wanted to keep offering his app. After some research, Peterson says he found that NextBus Information Systems had no real connection to NextBus and was very unlikely to own the data (although there is a dubious legal claim), so he ignored Orloff and went on selling the app. So Orloff went to Apple and demanded that they stop selling Routesy, claiming that it violated his copyrights. Apple pulled it down, and Peterson couldn’t do anything about it—although he got lots of supportive emails, and says that “It’s really heartwarming to see so many people so passionate about using public transportation.”
The thing is, though, Orloff doesn’t seem to have a valid copyright claim. Muni says the data is public and sharing is encouraged. When Eve Batey, a reporter from SF Appeal, confronted Orloff about the copyright issue, he gave a series of truly bizarre excuses. (Article headline: “Muni Arrival Data App Killer Fears Attacks From Enraged Data/Transit Fiends.”)
This actually looks similar to the DMCA notice-and-takedown regime for ISPs. Under the DMCA, copyright holders can inform an ISP that they’re hosting an infringing work, and the ISP must disable access to the site if it wants to retain a blanket-like immunity against a claim for contributory copyright infringement. The site creator can, however, send a counter-notice protesting that the copyright claim is invalid, and the ISP may then restore access to the work unless the copyright holder files a lawsuit within 14 days of the counter-notice. Although there are disagreements over the DMCA standard, which was a compromise between the ISPs’ interests and the copyright holders’ interests, is it relatively clear and workable.
Apple, I think, would do well to adopt some kind of similar standard for claims against existing apps. They certainly ought to have a way for app creators to lodge a counterclaim against protestors. Apple apps are, and will increasingly be, big business, and so people with both good and malicious intentions will be very concerned about copyright. (It doesn’t even need to just be copyright: recall the groups that rallied to getBabyShaker off the iPhone because it was incredibly tasteless.) This is just another aspect of the problem that Apple is trying to be an omnipotent gatekeeper, but without the manpower to be omniscient—to investigate each app for security, copyright, and tastefulness.
More generally, I think we’ll soon need clear standards on the rights and responsibilities of mobile carriers, hardware providers, and OS creators. Who will be given broad, ISP-like immunity, and who won’t? Mobile computing is going to be too important to have very powerful ad hoc gatekeepers with conflicting, overlapping, or unrealistic roles.
[thanks to danny choo and elisabeth oppenheimer via cc]
Secret Service Informant Turns into Identity Thief: The Brett Shannon Johnson Story
The United States Secret Service has witnessed yet another informant turned criminal. Convicted of credit card and identity theft, Brett Shannon Johnson is now facing six years and three months imprisonment and paying at least $300,000 in restitution.
Choosing between weekly salaries of $350 from the Secret Service compared to making at least $5,000 per week betraying his duties by commiting tax-refund scams was not a difficult choice for Brett Johnson to make. While working undercover for ten months with the Secret Service and earning his $350 by tipping the Columbia, South Carolina office of the agency to credit card thieves, Johnson was at the same time operating a tax-refund scam under the name of Gollumfun.
Johnson started his ten-month working relationship with the Secret Service when he was captured in 2005 as one of the administrators of an illegal cyber operation web discussion forum called Shadowcrew.com. Instead of facing multiple charges and a significantly longer sentence, he was asked to track down other online carding forums as federal undercover informant. The federal government enlisting captured criminals to help investigations is an action that is not uncommon to law enforcers – the use of criminals as informants have been considered to be a necessity to some investigations.
He started working three months after his arrest on a dubbed “Operation Anglerpish” and was even supplied with an apartment, where his girlfriend stayed with him, plus a daily allowance of $50. While Johnson claimed that he started scheming while under agency supervision, that claim was refuted by the South Carolina division’s special agent in-charge Neal Dolan as two agents were monitored to be with him during office hours. However, Dolan admitted that they were not required to monitor Johnson outside of these hours, in which times the informant used all the data obtained from the agency’s database to assist his illegal operations while not under agency watch.
Even with video surveillance and two agents monitoring him during the six hours a day, six days a week work, Johnson still found enough time to procure all the information he needed for brewing up his new business.
“As time went on, it became more apparent to me that I had a good chance of not getting caught,” said Johnson.
According to a statement from Brett Shannon Johnson, the names and credit card numbers he used for his fraudulent tax-return scam was acquired on the same laptop that he had access to the information inside the office. These actions by Johnson were unnoticed by the agents monitoring him as he threw them off by asking them to monitor audit trails that he asked them to do. Once he was alone, he would research the information he needed for his scam.
“There were two agents with him at all times, and we had a 42-inch plasma (monitor) that projected everything he did on it,” says Neal Dolan. “You’d have to have been asleep not to have seen what he was doing (if he were committing crimes) – and they weren’t. This wasn’t a mafia case where we were going to sit on this guy 24 hours a day. He was told we’d make spot checks on him. But he’s an adult. I told him, if you want to go back to jail then you know what path (to take), and that’s the path he took.”
Johnson’s next step was to purchase several computers and IP addresses in order to not be traced, and file for tax returns using other people’s names and identification. This contributed significantly to the grand total of $2 million dollars he earned over a five-year illegal money-making career. While working as an informant to find illegal activities in cyber crime websites and then reveal them to the government, Johnson managed to put up two of his own illegal websites – CardersMarket and ScandinavianCarding.
Johnson’s case has proved to be fodder for many critics of using convicted offenders as informants and on top of this, paying them a stipend. It has also raised many questions as to the proper monitoring and surveillance allotted to these informants. Dolan reasons out that while these informants may have been given a chance to make up for their crimes, the decision to continue doing so or returning to the path of crime is theirs to make. Johnson himself says that putting him in that situation was like “taking an unrehabilitated crack or heroin addict and placing him in a drug environment, telling him not to use drugs.”
“I would place myself in the top five or 10 for doing what I do. Hopefully, I can find a way to make it benefit people instead of hurting them,” says Johnson. “And yeah, I’m sorry for what I’ve done.”
Unfortunately, it is virtually impossible to have any raw statistics of how prevalent these infomants-turned-rogues scenarios are. Most of these cases are under strict confidentiality, thus only a small number of cases reach the media’s attention.
