4 Va. J.L. & Tech. 4 (Spring 1999) <http://vjolt.student.virginia.edu>
1522-1687 / © 1999 Virginia Journal of Law and Technology Association




4 VA. J.L. & TECH. 4

Canning "Spam" in Virginia: Model Legislation to Control Junk E-mail

By Kenneth C. Amaditz


    I. Introduction

  1. Every new technology spawns its own monsters, and electronic mail ("e-mail") is no exception. Aside from e-mail obscenity, the technology's most notorious monster may well be unsolicited bulk commercial e-mail,[1] known in the Internet community by the pejorative term "spam."[2] Marketers that send spam -- "spammers" -- have been called "roaches,"[3] the "bottom feeders" of cyberspace,[4] and "the bane of the Internet."[5] The retaliation to spamming has been astonishing. Spammers have been hit by a wicked backlash that has included massive volumes of consumer complaints, vigilante action, and a spate of anti-spam litigation.[6]

  2. Most e-mail users have likely encountered their fair share of spam. These unsolicited messages arrive in a user's electronic mailbox with headers such as "YOU MUST READ THIS," "MAKE MONEY FAST," or "NEW ADULT WEB SITE WITH HOT LINKS!!!,"[7] and advertise a seemingly limitless variety of products and services, including get-rich-quick schemes, pornography, and even services that allow the user to send his or her own spam.[8] Simply put, spam seems to be the junk mail of the Internet.[9]

  3. So why all the fuss? Direct marketers bury Americans in a landslide of postal junk mail every day, but we have generally come to accept it as a fact of life.[10] The problem is that the analogy between postal junk mail and spam is an over-simplification. Spam is different. Unlike normal junk-mail, spam is sent "postage-due."[11] In other words, whereas postal direct marketers bear the costs of sending their junk mail, spammers equipped with an e-mail account can send their junk e-mail for next-to-nothing while others absorb the costs.[12] The low cost of spamming makes it an attractive option for marketers, and they take full advantage. Just one spammer can send millions of messages every day, and estimates put the number of daily spams at 25 million.[13] The resulting barrage of messages shifts the costs avoided by the spammer to the Internet companies and users that route and receive the e-mail. Massive spam transmissions paralyze computer systems, gobble up disk storage space, and drain time and resources from the Internet companies that are forced to store and process them.[14] Moreover, individual Internet users complain that they are forced to waste their costly on-line time to sift through and delete the messages.[15] Given the cheap price of spamming and the way that it externalizes costs, junk e-mail seems to pose a classic "tragedy of the commons."[16]

  4. By all accounts, the spam problem has hit home in Virginia. Internet users in the Commonwealth are often spam victims, and spam is the first item on the agenda at the first meeting of the Virginia Internet Service Providers Association.[17] The state's best-known Internet company -- America On-Line (AOL) -- has been a leader in targeting spammers and using the courts to halt their practices,[18] and a Virginian is even one of the most notorious anti-spam vigilantes.[19] Despite the efforts of AOL and cyber vigilantes, however, spam has proliferated to the point where it threatens the viability of e-mail as a communications medium.[20] The conclusion seems inescapable -- if Internet e-mail is to be more than a Trojan Horse bearing spam, then legislation is necessary.

    II. An Internet Primer

  5. Spam is an Internet problem, but, more specifically, it is an e-mail problem. To understand why, it would be best to start with a quick sketch of the Internet. The Internet is a vast global network of connected computers.[21] The private corporations, individuals, educational institutions, and government entities that own and operate the Net's computer hardware and software have agreed to cooperate by using a common data transfer protocol, thereby allowing worldwide communications.[22] This global network of flowing information, or "cyberspace," is not controlled or administered by a single entity or organization.[23] Arguably, the Internet is intrinsically decentralized, and its chaotic structure would make central control impossible.[24]

  6. E-mail is only one means of communicating over the Internet. Most important for the purposes of this discussion is that sending an e-mail is a form of "active" Internet communication.[25] It is "active" because it forces the communicator to take affirmative steps to communicate to a specific recipient.[26] In contrast, "passive" forms of Internet communication do not target a specific audience.[27] For example, a non-interactive site on the World Wide Web ("the Web") merely places information in cyberspace, where it is accessible to Internet users who "browse" or "surf" the Web.[28] The distinction between "passive" and "active" forms of Internet communication has special relevance in the area of Internet advertising, which is discussed below. For now, the important point is that spam is a creature of e-mail -- it is, by definition, e-mail. Therefore, it is an "active" form of Internet communication. Because many other "passive" forms of Internet communication are available, spam is better characterized as an e-mail problem, rather than an Internet problem.

  7. To gain access to the Internet, one must open an e-mail account with an on-line service or an Internet Service Provider (ISP).[29] Both typically charge user access fees by the hour or on a monthly basis.[30] On-line services, such as AOL, provide extensive content while also allowing their subscribers to send e-mail and access the World Wide Web.[31] ISPs offer Web access and e-mail through a computer network that is linked to the Web.[32] To simplify, this paper will use the acronym ISP to refer to both ISPs and on-line services. ISPs give each subscriber a unique Internet e-mail address expressed in a standard format.[33] For example, a typical e-mail address for a subscriber whose user name is "janedoe" would be "janedoe@provider.com." The characters to the left of the "@" symbol are the subscriber's "username," and the characters to the right indicate the identity of the service provider's computer on the Internet,[34] also known as the "domain name."[35]

  8. Using e-mail is relatively easy. To send a message to one or more people, the user simply enters the recipient's e-mail address in the "TO:" line and the computer will transmit the message. Unlike a letter sent through the post office, however, the e-mail sender directs his or her communication to a logical address instead of a geographical one.[36] The sender does not have to know the recipient's physical location outside of cyberspace.[37]

  9. The simplicity of e-mail is topped only by its low price. Once a user has invested in the necessary equipment and has obtained an e-mail address, sending an e-mail message costs only the time it takes to send it. The ease and frugality of e-mail has made it a favorite among the Internet community, but it has also attracted some bad seeds. The next section discusses how those bad seeds -- the spammers -- have become the "bane of the Internet."

    III. The Need For Legislation

    A. ISPs and E-Mail Users: Buried in an Avalanche of Spam

  10. The decentralized nature of the Internet, combined with the simplicity and low cost of e-mail, has made cyberspace a fertile ground for the purveyors of junk e-mail -- spammers. Spammers are generally companies that specialize in Internet advertising.[38] Most of these companies harvest e-mail addresses from Internet sources, such as newsgroup Web sites or the personal profiles established by users of on-line services.[39] Some spammers have e-mail lists that include over 1 million addresses, and they often sell lists of e-mail addresses to clients.[40]

  11. The result is an avalanche of spam. To individual e-mail users, the practice is both annoying and potentially costly.[41] On any given day, a typical e-mail user's mailbox may be half-filled with spams[42] that advertise pyramid schemes, pornography, get-rich quick scams, long-distance telephone rates, computer programs, lists of overseas spouses, and offers to participate in more spamming.[43] Because this mail is often hard to recognize as advertising, the user must spend valuable time sifting through and deleting the messages.[44] For many e-mail users, this time is money. Because ISPs often charge fees by units of time, consumers must pay for the time they spend reading and deleting spam messages.[45] Some analysts estimate that spam consumes as much as $2 of a consumer's average monthly fee.[46] Consumers are angry, and with good reason -- not only must they stomach the constant barrage of spam, but they are forced to subsidize the very practice they detest.[47]

  12. In spite of the annoyance and costs that e-mail users suffer, many consider ISPs and on-line services to be the true victims of spam.[48] Indeed, spam must pass through an ISP before it ever reaches the consumer,[49] and these spam bombardments can be massive. For example, AOL estimates that as much as 30 percent of its daily load of 13 million incoming messages is junk e-mail.[50] Given the enormous bulk of spam, it is no wonder that spam is wreaking havoc on ISPs. These massive e-mail onslaughts overwhelm their computer servers, which have a finite capacity for handling messages.[51] As a result, ISPs are sometimes brought "to their knees," customer service suffers, and the ISPs are forced to handle scores of irate customers.[52] Even more expensive than temporary slowdowns may be the costs of storing and processing spam, which is forcing some companies to purchase new equipment.[53] Other costs absorbed by ISPs include the costs of responding to consumer service calls and battling spam.[54] ISPs must dedicate personnel and time to placate customers who complain about excessive spamming and system delays.[55] Prompted by such consumer complaints, some ISPs have fought the spammers with professional "spam catchers," spam-blocking software, and litigation.[56] Whether or not these methods are effective, they eat up time and resources.[57] In fact, conservative estimates put the costs of spam at 10 percent of an ISP's operating costs.[58] Not surprisingly, the ISPs claim they are being exploited: spammers are hijacking their equipment and disk storage space, damaging their services, and creating a mass of irate customers, all at no cost to the spammers.[59]

    B. Running to Stand Still: the Fight Against Spam

  13. Perhaps the most maddening aspect of spam is how hard it is to make it stop.[60] One means of fighting spam -- self-help -- is almost certain to fail. Though "how to fight spam" articles have become almost commonplace in business and computer magazines,[61] even self-help proponents admit that these methods are unlikely to curb the tide of spam.[62] The steps one must take to fight spam are "tedious," with little likelihood of success.[63] Nevertheless, for the eternally optimistic, there are ways to try. For example, some spammers will give recipients a chance to remove themselves from mass marketing lists by replying to the spam message.[64] However, in most cases, the reply e-mail is ignored or never received because the reply address is phoney.[65] Moreover, even if this method works and the user is removed from one list, "chances are the list was bought from a broker who has already sold [the] address to 10 new marketers."[66] Given the futility of remove requests and similar methods, such as 800 numbers,[67] some commentators recommend more drastic steps -- changing one's user name, obtaining a new e-mail address to use strictly for correspondence, and not posting items on the Net -- that severely cramp a user's flexibility and may impose additional costs.[68] Finally, some analysts place their hopes in technology. E-mail subscribers can purchase software that purports to filter out spam,[69] but the software is not cheap[70] and, moreover, it does not work all that well. Filters may intercept some junk e-mail, but spammers are cagey. They constantly change their e-mail addresses and domain names to avoid blocking technology -- a practice called "spoofing."[71]

  14. Some incensed users have cast aside these more passive steps in favor of vigilantism. The rise of cyber vigilantes highlights the fact that the Internet's early, decentralized rules of good Internet behavior -- also known as "netiquette" -- have failed to deter spammers.[72] With the proliferation of spam and its ongoing breaches of netiquette, a number of dedicated Internet users have taken matters into their own cyber hands. Some have created a "Blacklist of Internet Advertisers" and have set up Web pages to organize against spammers.[73] Others have imposed Internet death penalties on ISPs that fail to stop spammers.[74] In our own state, Virginia Tech doctoral student Dennis McClain-Furmanski has orchestrated several controversial "digital terrorist" actions to call attention to the proliferation of spam.[75] Although these acts were dramatic, "digital terrorism" is an untenable solution to the spam problem.[76] Aside from being unpredictable and random,[77] vigilante action has yet to curb spam abuse[78] and is unlikely to do so because the costs of spamming are so low that "[a] few million livid individuals isn't enough to deny monetary success."[79]

  15. Service providers' attempts to stop spam have largely been fruitless, for many of the same reasons that private users' have. ISPs that prohibit spammers from using the providers' accounts may rid their own systems of spammers, but the spammers can easily move to less-reputable ISPs that do not object to such practices.[80] ISPs have also taken steps to block incoming junk e-mail. Many companies employ filtering software, but spammers have been able to avoid it by "spoofing."[81] Other companies rely on human "spam catchers" to monitor incoming e-mails and block mass mailings of spam.[82] Although human intervention remains the best method for blocking spam, it is expensive, and the "spam catchers" themselves describe it as an ongoing "cat-and-mouse" game.[83] In short, technological efforts to remove spam have been ineffective.[84]

  16. Once again, the problem is that sending spam is so cheap, and the payoff so lucrative, that marketers are more than willing to put time and money into circumventing software filters.[85] And they have found a number of ways to do so.[86] Most simply, spammers often "spoof," or forge their e-mail return addresses, leaving the recipient with no way to know the spam's origin.[87] Spammers can also bounce messages off numerous computer systems and through other ISPs to hide the sender's true identity.[88] Finally, there are a number of sources on the Internet -- called "remailers" -- that provide a means of sending "anonymous" e-mail.[89] Using these methods, spammers consistently have been able to avoid blocking software. Seeking other redress, several ISPs have turned to the courts.

  17. Spam litigation is a burgeoning field. Major service providers, such as AOL, CompuServe, and Earthlink have been waging a battle against spammers in courts across the country.[90] They have been aggressive, even surly, in targeting spammers for litigation. For example, in March, 1998, AOL released a list of the "Ten Most Wanted Spammers," vowed to build a case against each one, and pursue them in court.[91] The ISP litigation has set some favorable precedent, secured fines and injunctions,[92] and even forced Sanford Wallace, President of the notorious Cyber Promotions, to declare that he is out of the spamming business for good.[93] These victories notwithstanding, ISPs understand that litigation is not the answer.[94] One reason is that litigation is simply too expensive.[95] Another reason is that "cost of entry is so low and the chance of being sued so slim that the deterrent effect of litigation is waning."[96] Moreover, lawsuits have been initiated by only the largest ISPs, and their victories have been piecemeal. When the big ISPs win, the spammers, like roaches, can simply invade the house next door,[97] seeking out ISPs that do not have the will or resources to litigate. Spammers' ability to dart between the cracks supports the conclusion that "[t]rying to cut off spam is turning out to be a Herculean task."[98]

    C. The Allure of Spam and a Tragedy of the Commons

  18. The incentives for spammers to cling tenaciously to their place on the Net are just too large to resist. Spamming is lucrative for two reasons -- it is cheap and it works. The costs of spamming are "lower than any sales effort ever conceived."[99] Because there is no per-message charge to send e-mail[100] and mass-mailing software is widely available, a junk e-mailer's costs can be limited to equipment, a $25 per month e-mail account, and the price of a mailing list.[101] A spammer can send an e-mail advertisement to 1 million people for the paltry sum of $100.[102] At this price, even if just one consumer in 10,000 responds, the spammer makes a profit and could care less about the other 9,999 angry recipients.[103] "That's why unsolicited e-mail hasn't gone away and instead has quadrupled," says David Seiver, owner of Mr. Email in Newport Beach, California. "It works. There's no other kind of advertising that can compare."[104]

  19. Garritt Hardin fans will recognize that Internet e-mail presents a classic "tragedy of the commons."[105] Given the low cost and effectiveness of e-mail advertising, spammers will continue to send their missives over the Net without regard to the costs -- or externalities -- foisted on Internet users and ISPs.[106] Indeed, spam, if left unchecked, will proliferate "until the system collapses because users find that the effort of wading through the flood of messages becomes too great,"[107] or the system slows to a point where it is no longer quick and useful. Like an endangered ecosystem, the Internet is already showing signs of bad health.[108] One sign may be the spate of anti-spam litigation. Others may be system delays, consumer complaints, and vigilantism. Still others ring in the pages of computer magazines, where the editor of Internet World recently asked, "[a]re we about to witness the long, drawn-out death of e-mail?"[109] The same editor noted that spam is deteriorating the effectiveness of e-mail as users become "anesthetized" to junk e-mail and simply begin to delete any messages from people they do not know.[110] All things considered, spam threatens to hobble an entire communications medium unless society finds an effective way to combat it.[111]

  20. There seems to be consensus in favor of anti-spam legislation. Although some dissenters continue to sing the praises of the free market, technology, and self-regulation, all of these methods have thus far failed to stem the tide of spam, mitigate the cost-shifting from advertisers to users and ISPs, or make significant inroads into upholding user privacy. Major ISPs like AOL and Earthlink have suggested that legislation is the best solution to the spam problem,[112] and some legislatures have taken the cue.[113] Although some ISPs and users prefer federal legislation, the three bills proposed in Congress[114] seem to be going nowhere. On the other hand, the states have been moving ahead with legislation of their own. At the time of this paper, anti-spam measures are on the books in Washington and Nevada, and at least eighteen other states, including Virginia, have considered or are considering such measures.[115] To be sure, state anti-spam laws present a variety of problems, but states can also serve as a fertile ground for experimentation in this area. If Virginia adopted the bill proposed in this paper, it would be at the forefront of this experimentation.

    IV. Legal Justifications for Anti-Spam Legislation

  21. As the previous discussion makes clear, there is a need for anti-spam legislation. This section presents a brief discussion of the legal interests such legislation would seek to protect. As the subsequent section will demonstrate, a state's asserted interest in anti-spam legislation may well determine whether such a bill would pass constitutional scrutiny.

    A. Cost-shifting

  22. The first interest to consider is cost-shifting. Spamming shifts advertising costs from advertisers to both Internet users and ISPs. This cost-shifting may occur through higher subscription fees, or increased costs to ISPs for disk storage space, anti-spam enforcement, consumer complaints, and system delays. In Destination Ventures, Ltd. v. FCC, the Ninth Circuit not only upheld cost-shifting as a valid means to restrict commercial communications; it found that cost-shifting was an interest sufficient enough to support an advertising ban on an entire communications medium -- the fax machine.[116] Thus, it seems that courts will consider the prevention of cost-shifting to be a significant government interest.[117]

  23. In the spam context, legislation should seek to protect two groups against cost-shifting. First would be ISPs, who seem to bear the largest burden from system-clogging spam. Their costs are easily demonstrable and have held up in court.[118] Second, anti-spam legislation would seek to protect e-mail subscribers from cost-shifting. The easy case to prove, of course, is the user who pays for his or her e-mail connection in increments of time and, thus, pays to sift through and delete unwanted spam. However, the calculus becomes more difficult for users who pay a flat monthly fee or receive free e-mail.[119] For these users, there is no tangible cost-shifting. Although they suffer the inconvenience of junk e-mail, a court may find that such costs are reasonable burdens to accept in pursuance of First Amendment freedoms.[120] It follows that the government's interest in this area should be supplemented by other interests in addition to cost-shifting -- which brings us to privacy.

    B. Privacy

  24. Because the Supreme Court has recognized that people have the right to be left alone,[121] the privacy rationale could support a statutory effort to curb spam sent to individuals.[122] With regard to unsolicited advertising, the Supreme Court has recognized that the government can act to protect individuals' right to privacy. The extent of that privacy, however, is unclear. The Court has recently noted that its decisions "leave no room for doubt" that the state has a substantial interest in protecting the consumer privacy[123] and the "well-being, tranquility, and privacy of the home."[124] Moreover, citizens must have the ability to avoid intrusions, and the government may legislate to protect this ability.[125]

  25. Several prominent decisions have tested the Court's dedication to individual privacy in the unsolicited advertising context. In Rowan v. United States Post Office Department, the Court upheld against a First Amendment challenge a federal law that provided mail recipients with a procedure to insulate themselves from offensive junk mail advertisements.[126] Chief Justice Berger, writing for the Court, noted that the right to communicate must be placed in the scales with every person's right "to be let alone."[127] Further, people must maintain the autonomy to control the flow of unwanted mail to their households.[128] Weighing the right to communicate against the right to be free from communication that people do not want, the Court concluded that "a mailer's right to communicate must stop at the mailbox of an unreceptive addressee."[129] Under the statute at issue, the mailer's right to communicate was limited by the recipient's affirmative act of giving notice that he no longer wanted to receive the mailer's solicitations.[130] To not uphold such a statute, said the court, would essentially license a form of trespass.[131]

  26. Since Rowan, however, the Court has hinted that it will give less solicitude to advertising restrictions enacted in the name of protecting individual privacy. For example, in Bolger v. Youngs Drug Products Corp., the Court invalidated a federal effort to ban potentially offensive and intrusive direct-mail advertisements for contraceptives.[132] The Court rejected the government's allegations of harm, and found instead that recipients could avoid any offensiveness "simply by averting their eyes."[133] "[T]he short, though regular, journey from mail box to trash can," said the Court, "is an acceptable burden, at least so far as the Constitution is concerned."[134]

  27. Although Rowan and Bolger seem to send an inconsistent message, one commentator reconciled these cases in the following manner. The Court will uphold a government regulation that allows citizens to take affirmative steps to prevent the receipt of junk mail, as in Rowan, because in such cases, it is the private act, rather than a state restriction, that proscribes the marketer's attempts to communicate.[135] However, the government offends the First Amendment when it attempts to protect privacy by preventing marketers from sending an entire category of allegedly offensive commercial solicitations through the mail.[136] In other words, the government's interest is more likely to withstand scrutiny when individuals, and not the legislators themselves, decide what types of advertising are invasive, and subsequently act to stop that advertising from reaching them.

  28. Despite Bolger, courts continue to assert that protection of privacy is a strong governmental interest.[137] For example, in upholding a federal law that banned auto-dialed telemarketing in Moser v. FCC, the Ninth Circuit implied that the ban was reasonable because Congress could have banned all telemarketing calls as incursions on home privacy.[138] In the spam context, the privacy interest could support anti-spam legislation that protects individuals. Although Moser indicates that protection of privacy could support a complete ban, Rowan and Bolger teach that courts are most likely to uphold this governmental interest when legislation enables the consumer to "opt-out" of certain advertising.

    C. Consumer Protection Against Fraud

  29. Protecting consumers against fraud and deception is a common interest asserted by states that restrict marketing, and the Supreme Court has noted that the First Amendment is no bar to the regulation of false and deceptive advertising.[139] To be sure, such advertising is a serious concern in the e-mail context,[140] and spammers often use deceptive and fraudulent practices to disguise the origin of their junk e-mail. Because the Supreme Court has given the nod to state intervention in such underhanded practices, legislative attempts to target deceptive and fraudulent spamming will find themselves on solid ground.

    D. Trespass on ISPs

  30. The common law provides the fourth interest that anti-spam legislation could seek to protect. In Rowan, the Supreme Court concluded that denying junk mail recipients the opportunity to stop the flow of offensive advertising to their homes would "tend to license a form of trespass."[141] In perhaps the most intriguing line of cases to result from the spam litigation, several courts have extended the logic of Rowan, concluding that spamming without consent amounts to a trespass on the property of ISPs.[142]

  31. The leading case on Internet trespass is CompuServe Inc. v. Cyber Promotions, Inc., where the Southern District of Ohio issued a preliminary injunction banning Cyber Promotions from sending unsolicited advertisements to CompuServe's subscribers.[143] CompuServe came to court with a typical spamming saga to tell. Cyber had vigorously spammed CompuServe's subscribers, ignored CompuServe's warnings, and circumvented blocking technology by using false domain names and headers.[144] As a result, CompuServe received a spate of complaints from angry users who threatened to discontinue their subscriptions unless CompuServe prevented spammers from entering its domain.[145] The service provider also asserted that the massive volume of messages was a significant burden on its equipment, which had limited processing and storage capacity.[146]

  32. CompuServe's case relied on the arcane common law ground of trespass to chattels.[147] The court first noted that the ancient theory of trespass to chattels had evolved to include the unauthorized use of personal property.[148] Trespass to chattel may occur when a person intentionally uses or intermeddles with another's personal property.[149] Such intermeddling, in turn, occurs when a person's actions bring him "into an intended physical contact" with another's personal property.[150] Because Cyber's contact with CompuServe's computers was intentional, the court concluded that a trespass had occurred.[151] Rejecting the defendant's argument that no trespass had occurred because CompuServe was not dispossessed of its property, the court emphasized that trespass to chattel may be actionable when the chattel is impaired or harmed, or the possessor is deprived of the use of it for a substantial time.[152] Cyber's actions had consumed disk space and reduced the computers' processing power, thus diminishing the equipment's value to CompuServe because it could not properly serve its customers.[153]

  33. Based on CompuServe, it is likely that an anti-spam bill that codifies trespass theory would be legally supportable.[154] Moreover, given the common law grounding of this theory, no court would doubt the state's interest in protecting ISPs against trespass. Thus, the trespass rationale, combined with the interest in preventing cost-shifting, would create a substantial governmental interest in protecting ISPs against spam.[155]

    V. Legal and Policy Issues Faced by Anti-Spam Legislation

  34. The above discussion shows that states have several legitimate interests that would support passage of anti-spam legislation. The state may seek to protect ISPs from the cost-shifting and trespass to chattel caused by spamming. Individuals would be shielded from cost-shifting and invasions of privacy. Identifying these interests is an important first step in supporting anti-spam legislation. This section takes the second step, asking whether these interests are sufficient to support a state anti-spam bill that would admittedly restrict commercial speech, affect interstate commerce, and raise serious jurisdictional and policy questions.

    A. The First Amendment

  35. Attempts to legislate against spam will most likely implicate the First Amendment as restrictions on commercial speech.[156] Since Virginia State Board of Pharmacy v. Virginia Citizens Consumer Council, Inc., the Supreme Court has accorded commercial speech some degree of First Amendment protection.[157] The Court, however, has emphasized that the First Amendment's protection of commercial speech is not absolute.[158] Instead, the First Amendment extends protection that corresponds to the subordinate position of commercial speech in the hierarchy of favored expression.[159] Accordingly, the Court subjects laws restricting commercial speech to "intermediate scrutiny."[160] The framework for this scrutiny emerged from the Court's seminal decision in Central Hudson Gas & Electric Corp. v. Public Service Commission of New York.[161] In Central Hudson, the Court set out a four-pronged test for evaluating commercial speech restrictions. Under the first prong, commercial speech qualifies for First Amendment protection only if it concerns lawful activity and is not deceptive.[162] Assuming that anti-spam legislation will regulate both deceptive and non-deceptive spam, it will implicate the First Amendment because advertising, even if unsolicited, qualifies as commercial speech.[163]

  36. The second prong of Central Hudson requires the government's asserted interest to be substantial.[164] This prong is not satisfied by mere speculation or conjecture; instead, the government must demonstrate that the harms it seeks to cure are real and that the regulation will alleviate those harms to a material degree.[165] Section IV above discusses the several interests that a state could assert in regulating spam: prevention of cost-shifting; protection of individuals' privacy; and halting trespasses to ISPs' property. In the First Amendment context, each of these interests has received support in the courts. The district court in Destination Ventures, Ltd. v. FCC explicitly held that the government's interest in cost-shifting was substantial, the harms were real, and the ban on unsolicited faxes would cure those harms.[166] This logic should apply equally in the spam context. With regard to protecting individual privacy, the Supreme Court's decisions in Rowan and Bolger indicate that a law is more likely to withstand First Amendment scrutiny if it requires a private act, rather than state fiat, to restrict a junk mailer's speech.[167] Thus, if anti-spam legislation puts the decision in the hands of Internet users through an "opt-out" scheme, courts will be more likely to find that the government's interest is substantial.

  37. Likewise, the government's interest in preventing trespass to ISPs should also qualify as substantial. In Rowan, the Supreme Court upheld a federal law that allowed individuals to request that the Postmaster General order purveyors of offensive junk mail to stop their solicitations.[168] Finding no First Amendment violation, the Court concluded that to not uphold the law would "tend to license a form of trespass."[169] Although the Court went no further in addressing the trespass issue, this statement indicates that legislation seeking to prevent trespasses would withstand First Amendment scrutiny.[170] It follows, then, that the government has a substantial interest in preventing trespass for the purposes of First Amendment analysis. Furthermore, such an interest would not be based on speculation or conjecture.[171] CompuServe Inc. v. Cyber Promotions, Inc. demonstrates that spamming trespasses on ISPs' computer equipment, causes harm by eating up storage space, slowing down services, and undermining the ISPs' good will and reputation with customers.[172]

  38. In the third and fourth prongs of the Central Hudson test, the government must show that the regulation directly advances its asserted interest[173] and is "narrowly tailored" to fulfill that interest.[174] The fit has to be reasonable, but not perfect, and the government's plan does not have to be the best possible plan as long as it is proportional to the asserted interest.[175] Moreover, in United States v. Edge Broadcasting Co., the Court held that the state may take an incremental approach and need not "make progress on every front before it can make progress on any front."[176] In the case most analogous to the spam context, the Ninth Circuit in Destination Ventures, Ltd. v. FCC held that a federal law banning unsolicited fax advertising met the Central Hudson test.[177] Central Hudson's third prong was not an issue on appeal, but the district court held that the federal law would directly advance the government's interest in avoiding cost-shifting because, after all, the law banned unsolicited faxes.[178] The appellants did, however, claim that the law was not a reasonable fit with the government's interest in preventing the shifting of advertising costs.[179] Although they did not dispute that unsolicited fax advertisements were responsible for the bulk of cost-shifting, the appellants claimed that similar shifting occurs with unsolicited political faxes and prank faxes.[180] The court rejected this argument, noting that the ban was even-handed in that it applied to commercial solicitation by any organization "be it a multinational corporation or the Girl Scouts."[181] Moreover, even if the ban did not address all cost-shifting faxes, the court cited Edge Broadcasting for the proposition that the First Amendment does not require the legislature to forego addressing the problem at all just because the solution does not completely eliminate cost-shifting.[182] The court concluded that the ban fit closely to Congress' goal and, thus, did not violate the First Amendment.[183]

  39. Because the specifics of the model anti-spam legislation are addressed in Section VII, the current discussion focuses on the principles that this case law establishes for crafting a law that will withstand First Amendment scrutiny. Given that the state's interests in regulating spam are likely to qualify as substantial, anti-spam legislation should seek to meet the third and fourth prongs of the Central Hudson test. Because Edge Broadcasting has drawn the sting from the third prong by allowing the government to take an incremental approach, the entire question boils down to whether or not the anti-spam law is narrowly tailored to meet the state's interests.[184] Destination Ventures teaches that a law attacking the bulk of the problem is likely to withstand scrutiny under the fourth prong. Therefore, to avoid First Amendment problems, anti-spam legislation should be comprehensive and apply to all unsolicited commercial e-mail that shifts costs, invades privacy, or causes trespasses. Provided that it addresses the bulk of the problem, our anti-spam legislation should overcome any First Amendment objections.[185]

    B. The Dormant Commerce Clause

  40. The Dormant Commerce Clause is perhaps the best arrow in the quiver of the opponents of state anti-spam legislation.[186] The Dormant Commerce Clause itself is really a gloss on the Commerce Clause of the U.S. Constitution.[187] The Supreme Court has ruled that the Commerce Clause not only empowers Congress to regulate interstate commerce, but also inhibits the states from enacting laws that interfere with interstate commerce.[188] The principle behind this "dormant" aspect of the Commerce Clause is that states are not separable economic units and, thus, cannot place themselves in a position of economic isolation.[189]

  41. The Court's decisions in this area have sought to minimize the evils of economic isolationism and protectionism, while simultaneously recognizing that incidental burdens on interstate commerce may be unavoidable when a state exerts its police power to protect health and safety.[190] Under the Dormant Commerce Clause, states are precluded from regulating aspects of national commerce which, because of the need for national uniformity, demand that their regulation be prescribed by a single authority.[191] In the more common areas of state regulation, however, the court will apply the balancing test from Pike v. Bruce Church, Inc.,[192] unless the law is facially protectionist.[193] The Pike test is as follows: where the state law is evenhanded in its protection of a "legitimate local public interest, and its effects on interstate commerce are only incidental, it will be upheld unless the burden imposed on such commerce is clearly excessive in relation to the putative local benefits."[194] How much of a burden is tolerable depends on the nature of the asserted local interest and whether the state could promote it equally well with less effect on interstate commerce.[195]

  42. The Dormant Commerce Clause also requires comity between the states.[196] In BMW of North America, Inc. v. Gore, for example, the Court invalidated a punitive damages award issued by an Alabama court against BMW for failing to disclose that it had repainted new cars before selling them.[197] The Court first established that a state may not impose economic sanctions on violators of its laws with the intent of changing the tortfeasors' lawful conduct in other states.[198] Because the Alabama award sought to alter BMW's nationwide policy, it violated the Dormant Commerce Clause's principle of comity.[199] Although Alabama could insist that BMW follow a particular disclosure policy to protect Alabama citizens in Alabama, it did not have the power to punish BMW for conduct that was lawful in other states.[200]

  43. More recently, the Southern District of New York issued an opinion that could hamstring state efforts to regulate the Internet. In American Libraries Association v. Pataki, the plaintiffs made a facial challenge to New York Penal Law § 235.21(3) on the grounds that it imposed an undue burden on interstate commerce in violation of the Commerce Clause.[201] The law made it a crime for anyone to knowingly use a computer system to send commercial or non-commercial obscene materials to a minor.[202] The court cited three tests to determine whether the law violated the commerce clause and held the law to be a violation under each test.[203]

  44. The first test proposed by the court was that a law is invalid when it projects the state's law onto conduct that occurs wholly outside of the state.[204] For this test, the critical inquiry is whether the practical effect of the regulation is to control conduct beyond the boundaries of the state.[205] Courts should also look beyond the regulation's practical effect, consider how the law may interact with the regulatory regimes of other states, and surmise what would happen if many or every state adopted similar legislation.[206] Applying this test, the court found that the nature of the Internet makes it impossible to restrict the effects of the Act to conduct occurring in New York.[207] An Internet user, the court reasoned, may not intend a message to be accessible to New Yorkers, but the user lacks the ability to prevent New Yorkers from visiting a particular Website or receiving a particular mass e-mailing.[208] Thus, conduct that is legal in the sender's state can subject the sender to prosecution in New York.[209] As a result, the sender's home state's policy would be subordinated to New York's local concerns, in violation of the Dormant Commerce Clause.[210]

  45. Although the court's first test purports to rely on Supreme Court precedent, this test is not common among other courts that have considered Dormant Commerce Clause issues.[211] The fact that other courts have not employed the same test may call it into question. The test could be justified as a way to address the comity concerns raised in Gore,[212] but it simply goes too far. Although one could characterize the state action in both Gore and American Libraries as attempts to influence the nationwide behavior of a private entity, doing so would miss the point. The punitive damages award in Gore violated the Dormant Commerce Clause because it actually punished BMW in Alabama for lawful activities carried out in other states.[213] In American Libraries, on the other hand, New York's law may have sought to limit activities that are legal outside of New York, but the punishable conduct in question directly involved New Yorkers in New York State. The distinction seems fundamental, but the court missed it.[214]

  46. The American Libraries court may have been saying that the New York law violated comity because it reached out to punish transmissions of obscene computer messages from other states -- conduct that, in the court's view, occurred wholly outside of New York. This rationale comes up short for two reasons. First, the court's concern is not so much a Dormant Commerce Clause concern as it is a long-arm jurisdiction concern. By superimposing jurisdictional concerns on top of Dormant Commerce Clause issues, the court needlessly expanded the reach of the Commerce Clause. Second, the court was inaccurate in concluding that all out-of-state Internet messaging qualifies as conduct wholly outside of New York. Whereas postings to Web sites and computer bulletin boards may qualify as out-of-state conduct, it is not at all clear that purposefully sending electronic messages to a certain state qualifies as out-of-state conduct.[215] Given these weaknesses in the American Libraries test, other courts are unlikely to embrace it.

  47. Perhaps what was most troubling to the court was a notice question: due to the nature of the Internet, someone sending a message from Connecticut could not know that his message was actually traveling to a recipient in New York.[216] Likewise, someone who creates a Web page has no way of knowing whether New Yorkers will access her Web page. If this aspect of the New York law is what bothered the court, then the problem boils down to notice. To address this concern, effective anti-spam legislation must provide a foolproof method of letting the sender know the geographic domicile of the e-mail recipient. If the anti-spam law provides proper notice, concerns like those expressed in American Libraries may be avoided, and at least one Dormant Commerce Clause obstacle cleared.

  48. The weakness or novelty of the court's first test may have prompted it to evaluate the New York law under two other tests.[217] The second test was that state laws are invalid if they invade an area of commerce that must be marked off as a national preserve to protect against inconsistent legislation.[218] The Internet, concluded the court, is one such area of commerce because it requires national, or even global, cooperation.[219] Absent consistent regulation, the court concluded, chaos would ensue and the development of the Internet could be paralyzed.[220] As examples, the court pointed to Supreme Court precedent striking down state statutes that established interstate railway rates,[221] limited the length of railway cars,[222] and required truckers to use a certain type of mudguard.[223] The court noted that, as in those cases, other states had already enacted laws that conflicted with the New York law.[224] Further, Internet users would be in a worse position than railroads and truckers, who can avoid a certain state, because Internet users "cannot foreclose access to [their] work from certain states or send differing versions of [their] communication[s] to different jurisdictions."[225] The court concluded that the need for uniformity in Internet commerce necessitated that New York's law be stricken as a violation of the Commerce Clause.[226]

  49. The court's analysis under this test provides some clear guideposts for drafting an anti-spam law that will withstand Dormant Commerce Clause scrutiny. To begin, advocates of anti-spam legislation should recognize that a court may follow the lead of American Libraries and find that Internet e-mail demands national uniformity and, thus, state laws would be per se violations of the Dormant Commerce Clause. With this possibility in mind, means are available to minimize the chances of such a holding. First, the anti-spam law must emphasize the interests it seeks to protect. Because these interests -- cost-shifting, privacy, and trespass -- have strong analogs in the common law and state police power, regulation of e-mail could qualify as an area of traditional state regulation.[227] Moreover, because all states proscribe trespass, the anti-spam law would not cause new state-to-state inconsistency concerns.[228] Second, any effort to regulate spam should provide marketers with a way of avoiding transmissions to a particular state. The court's analysis in American Libraries demonstrates a lingering concern over laws that force Internet users to tailor their messages to meet one state's law (or conflicting state laws) because the user cannot know which messages will go to a certain state. This concern stemmed from the fact that e-mail addresses do not disclose a user's geographic location.[229] Thus, anti-spam legislation should allow marketers to bypass certain states by ensuring that spammers know the geographic domicile of their target audience. Finally, the anti-spam law should be drafted to minimize conflicts with other states' regulatory regimes. To this end, the law's provisions should be state-specific and avoid forcing marketers to alter the methods they use to contact citizens in other states. An anti-spam law that is carefully crafted to meet these concerns would have a good chance of overcoming Dormant Commerce Clause challenges.

  50. The final test employed in American Libraries was the Pike test.[230] In the first step of the test the court found the goal of the Act -- to protect children against pedophilia -- was "quintessentially legitimate."[231] In the second step, however, the court found that the law's local benefits were "not overwhelming."[232] The statute would have no effect on activities that occur outside the United States, the State would have problems asserting jurisdiction over out-of-state parties, and few prosecutions would result from large expenditures of police time and resources.[233] On the other side of the balance, the law would impose an "extreme" burden on commerce.[234] Because the scope of the Act was "worldwide," it would therefore have had a chilling effect far beyond cases the State chose to prosecute.[235] Furthermore, the Act's high compliance costs, coupled with the threat of criminal sanctions, could drive some users off of the Internet entirely.[236] The court concluded that the balance weighed against the New York law.[237]

  51. Anti-spam legislation should fare well under the Pike test. The American Libraries court's application of this test provides some useful lessons for drafters of anti-spam legislation. As discussed in Section IV, courts are likely to find that the government's interest in restricting spam is legitimate. On the scales of the Pike balancing test, American Libraries suggests that any state effort to regulate Internet transmissions will suffer from an inability to reach international offenders. The other shortcomings raised in American Libraries, however, could be avoided by careful crafting of the anti-spam law. With regard to the local benefits of anti-spam legislation, the American Libraries concern about jurisdiction over out-of-state residents can be avoided by ensuring that the state's long-arm statute confers sufficient jurisdiction on the state's courts.[238] Anti-spam legislation should also be crafted to avoid a regime where few prosecutions would result from large expenditures of state resources.[239] Certainly, anti-spam legislation that creates an enforcement regime where individuals, businesses, and ISPs carry out the law through private causes of action would avoid fruitless expenditures of state resources. On the other side of the Pike balance, an anti-spam law should be drawn so as to avoid a chilling effect that threatens to drive legitimate advertisers off the Internet.[240] Again, the American Libraries court's concern in this area may have been driven by notice, because the law could reach unwitting Internet users, a chilling effect would ensue. Heeding this lesson, a state anti-spam law must provide spammers with reasonable notice that they will be subject to prosecution or fines in that state. If these concerns of the court are met, the anti-spam law may be weighed favorably under the Pike balancing test.

    C. State Court Jurisdiction

  52. Assertion of state jurisdiction over out-of-state marketers is another thorny issue for anti-spam legislation.[241] The central concern is whether a state's long-arm statute and due process considerations support jurisdiction over marketers that simply transmit electronic signals into a state.[242] To address this issue, a quick review of first-year Civil Procedure is necessary.

  53. In International Shoe Co. v. Washington, the Supreme Court held that personal jurisdiction need not be predicated on physical presence in a state, but may be constitutionally exercised if a nonresident defendant has minimum contacts with the forum state.[243] The minimum contacts test depends on the relationship between the would-be defendant and the forum state, considered in light of "traditional notions of fair play and substantial justice."[244] Under minimum contacts analysis, jurisdiction is proper when the defendant undertakes purposeful activities directed at the forum state such that the defendant gains the benefits and protections of the state's laws.[245] With regard to specific jurisdiction,[246] a single commercial contact can meet the minimum contacts/fundamental fairness test,[247] provided that the defendant "purposefully avail[ed] itself of the privilege of conducting activities within the forum State."[248] Likewise, a state can assert jurisdiction over a defendant who commits one tortious act in the forum state.[249] Specific jurisdiction is only valid, however, when the alleged injury arises out of, or relates to, an action by the defendant that was purposefully directed towards forum residents.[250]

  54. Each state's jurisdictional reach is limited both by its long-arm statute and due process fairness requirements. In general, state long-arm statutes simply codify the fairness requirements enunciated in International Shoe and its offspring.[251] Courts have interpreted Virginia's long-arm statute[252] to confer jurisdiction to the full extent permissible under the due process clause.[253] However, because the statute lists specific instances in which a court may exercise jurisdiction, the extent of the state's jurisdiction "has traditionally been analyzed within the context of those situations specified under the Act."[254] For present purposes, three of these situations are most important. Virginia's courts have jurisdiction over a person when the cause of action arises: (1) from business transactions in Virginia; (2) from a tortious injury caused by acts or omissions in Virginia; and (3) from a tortious injury caused by acts or omissions outside of Virginia, provided that the defendant has regular business ties to Virginia, engages in a persistent course of conduct in Virginia, or derives profits from goods or services tendered in Virginia.[255] Although Virginia's long-arm statute is a "single act statute," requiring only one act in Virginia to confer jurisdiction,[256] an external tortious act must be linked to some sort of regular activity undertaken by the defendant within Virginia.[257]

  55. Because anti-spam legislation would seek to regulate all spam transmissions into Virginia, the state's courts must have jurisdiction over spammers from other states, even if they send just one wave of spam into the Commonwealth. Fortunately, such jurisdiction comports with both the state's long-arm statute and due process requirements. Without question, Virginia can assert jurisdiction over spammers that carry on business within the Commonwealth.[258] The following paragraphs will discuss three more complicated jurisdictional situations: (1) spammers that regularly send bulk e-mail into Virginia from other states; (2) spammers that send one wave of bulk e-mail into Virginia from other states and maintain a Web site or have other contacts with the state; (3) spammers that send one wave of bulk e-mail into Virginia from other states, but have no additional contacts with the Commonwealth.[259]

  56. Virginia can almost certainly exert jurisdiction over spammers that regularly send bulk e-mail into the Commonwealth from other states. Two provisions of the long-arm statute may apply. First, the long-arm statute provides for jurisdiction over any person that transacts business in Virginia.[260] Under this provision, any marketer whose spam leads to sales of goods or services to Virginia residents would, thus, be subject to jurisdiction in Virginia. Second, even if the spammer does not transact business in Virginia, it may be subject to jurisdiction if its actions cause tortious injury in Virginia and it regularly solicits business or engages in a persistent course of conduct there.[261] As discussed earlier, spamming can be a trespass or an invasion of privacy akin to trespass. Thus, because the injuries caused by spamming would be tortious, the first part of the statutory requirement is met. The second part of the statute would also be met because, by definition, regular spamming is regular solicitation. Thus, Virginia courts should have no problem asserting jurisdiction over out-of-state spammers that regularly target the Commonwealth.

  57. One-time spammers are a different story. Because their spamming would be only one act in the state, they may not, absent other contacts, come under the long-arm statute, which requires some regular course of conduct.[262] In Telco Communications v. An Apple a Day, however, the Eastern District of Virginia held that a passive Web site accessible to Virginia residents constitutes a persistent course of conduct conferring jurisdiction.[263] Although it is impossible to estimate how many spammers have established Web sites, we can reasonably anticipate that many have done so for the purpose of facilitating sales. The broad sweep of the court's decision in Telco makes all such spammers subject to jurisdiction in Virginia.[264] Other non-Internet contacts such as direct postal marketing or advertising in Virginia newspapers may also subject one-time spammers to suit in Virginia courts.[265]

  58. The third, and most difficult, situation for jurisdictional purposes is the spammer that has no other contacts with Virginia aside from an isolated bulk e-mailing. Because the spammer's activities would not establish regular solicitation or a persistent course of business within Virginia, jurisdiction would have to rely on another section of the long-arm statute. In general, one tortious letter[266] or a single, business-oriented phone call[267] is usually not enough to establish jurisdiction absent other contacts. The Telco court, however, provided another option.[268] The court held that a telemarketer was subject to personal jurisdiction in Virginia where it posted allegedly defamatory press releases on a passive Internet site.[269] After finding that jurisdiction was proper under the long-arm statute's provision for regular business or a "persistent course of conduct,"[270] the court added that the defendant was also subject to jurisdiction under subsection (a)(3) of the Virginia long-arm statute, which allows jurisdiction over a person who causes "tortious injury by an act or omission in this Commonwealth."[271] In reaching this conclusion, the court relied on the jurisdictional theory set forth by the Virginia Supreme Court in Krantz v. Air Line Pilots Assoc., International.[272] The court reasoned that, but for the ISPs and users present in Virginia, the alleged tort of defamation could not have occurred in Virginia because defamation occurs wherever the offensive material is circulated or distributed.[273] In addition, because Telco is located in Virginia, it absorbed the harm in Virginia.[274] The defendants should have anticipated being haled into court in Virginia because they should have known both that the press releases would have been distributed in Virginia and that Telco was located in Virginia.[275]

  59. Applying this logic in the context of spammers, it seems that Virginia courts could assert jurisdiction over one-time spammers from other states, even if they had no other contacts with the Commonwealth. Because spamming is tortious, the only question remaining under the long-arm statute is whether or not the injury resulted from an act or omission that occurred in Virginia.[276] Both Krantz and Telco held that particular torts occurred in Virginia because they could not have been carried out without the participation of entities within the state.[277] When a spammer transmits bulk e-mail into Virginia, the resulting trespasses to Virginia ISPs could not occur but for the ISPs computer equipment, which sits in Virginia. The same goes under a cost-shifting rationale because Virginia ISPs are forced to absorb shifted-costs through their operations in Virginia. Similarly, when spammers shift advertising costs to, or invade the privacy of, Virginia citizens, the effects are absorbed where the individuals reside. It follows that Virginia courts should have jurisdiction over one-time spammers that trespass on ISPs, shift costs to ISPs or individuals, or invade Virginians' personal privacy.[278]

  60. One objection that spammers will raise against anti-spam legislation is that they cannot possibly surmise a person's geographic location from an e-mail address.[279] Indeed, "Internet protocols were designed to ignore rather than document geographic location."[280] This aspect of e-mail certainly raises a significant question of fairness. For jurisdiction to be proper, the defendant must reasonably anticipate being haled into court in the forum state.[281] To address this issue, anti-spam legislation should ensure that spammers know when they are sending spam into Virginia. With regard to Virginia ISPs, notice could be provided by a Web page maintained by the Attorney General. As for the location of Virginia e-mail users, the best solution may be to attack the problem at its root by placing a geographic identifier in the e-mail address itself. Such an option, discussed in Section VII, would counter spammers' objections by providing clear and effective notice that they are entering Virginia's jurisdiction.[282]

    D. Policy Issues

  61. With the legal groundwork established, the time is right to consider a number of practical and policy questions that will shape the contours of the anti-spam bill proposed in this article. This section poses several questions and attempts to flesh out reasonable answers. The answers, in turn, will help determine the final structure of the Virginia anti-spam law.

    1. Given that spam is a problem, why not let the federal government solve it?

  62. Like air pollution, spam is a problem with national implications, and it pays no heed to geographic boundaries. One might reasonably ask, then, why Virginia should not leave the problem to federal regulators.[283] The answer to this question is three-fold. First, spam is a problem now. Although several members of Congress have proposed anti-spam legislation, the bills have not moved.[284] Indeed, they seem unlikely to move anytime soon as Congress finds itself involved with the upcoming election and impeachment deliberations. Meanwhile, Virginia's citizens and businesses continue to be bombarded by intrusive commercial e-mail. In the short term, state regulation may be the only way to stem the flood of spam.

  63. The second reason that Virginia should act is that the effects of spam, though national in scope, are keenly felt on the local level. Individuals' privacy is invaded, ISPs' computer systems are paralyzed, and both absorb the costs shifted to them by spammers. As noted above, the effects of spam are tortious in nature and, thus, fall within the realm of activities that states traditionally have proscribed.

  64. Finally, Virginia is simply a good place to start regulating spam. As much as 50 percent of the world's e-mail traffic travels through the Commonwealth, and Virginia has made efforts to portray itself as a haven for high-tech companies.[285] If Virginia is going to live up to its role as a high-tech leader, it should promote laws that allow ISPs and other Internet companies to protect themselves against significant threats like spam. Furthermore, as a high-tech state, Virginia has a significant stake in the development of Internet law.[286] Thus, even if a federal anti-spam law is forthcoming someday,[287] Virginia should be a laboratory for developing ways to protect the Internet and the companies that serve it. A workable anti-spam law would provide a good start.

    2. Rather than jeopardize development of the Internet, would it not be better to let the market solve the problem?

  65. Some Internet companies, consumer groups, and commentators have suggested a market-based solution to the spam problem, with minimal or no government interference.[288] Along the same lines, some have suggested that filtering software or other technology will provide the best solution.[289] The discussion in Section III, however, makes clear that neither self-regulation nor technology has worked. To the contrary, spam has proliferated, and ISPs have started to battle spammers in the courts. Simply put, the market has already failed.

  66. Nevertheless, the market can be used to make a good spam law better. Thus, anti-spam legislation should attempt to take advantage of positive market forces to the extent possible. For this reason, a complete ban on spam would be imprudent. Instead, the law should allow ISPs to decide for themselves whether or not to ban spam. If consumers truly detest spam, they will depart spam-friendly ISPs and flock to companies that effectively block intrusive e-mail.

    3. Considering the budget constraints and other priorities that state authorities already face, who will enforce the law?

  67. All indicators in this area point to the need for private enforcement. Although anti-spam legislation could place all enforcement authority in the hands of the Attorney General, state authorities may not have the resources or motivation to prosecute junk e-mailers, especially for random spam messages received by private users.[290] On the other hand, there is reason to wonder whether spam recipients who receive 50 or 100 spam messages will actually be willing to go to court to sue spammers.[291]

  68. The best solution would be to place ISPs at the center of the anti-spam enforcement scheme, while providing for a mix of enforcement options. ISPs have a strong motivation to fight spam.[292] When they win, their operating costs are reduced, computer resources are freed up, and their subscribers are pleased.[293] Allowing ISPs to control spam also seems logical from a cost-allocation perspective. Whereas individual users incur few financial costs from spam invasions, especially if they pay a flat monthly fee for e-mail service, ISPs incur substantial costs from spam and its effects.[294] Furthermore, ISPs as a whole are in a better position than individuals to gather the resources necessary to enforce anti-spam provisions.

  69. However, not everyone believes that ISPs will actually seek to prosecute spammers. One commentator asserts that ISPs have disincentives to fight spam -- for example, their customers will pay less in on-line fees.[295] Although the rash of litigation brought by ISPs seems to discredit this view,[296] this commentator also makes the important point that some ISPs are clearly willing to provide their services to spammers.[297] Also, other ISPs may not have the will or the wherewithal to sue spammers under a new anti-spam law. Given these concerns, it seems that an anti-spam law would be incomplete without a cause of action for e-mail users. Although these users may have little incentive to bring suit for minimal damages, larger damage awards and the availability of attorney fees would encourage more individual enforcement. Larger damage awards, however, create fairness concerns, especially if spammers have no way to know when they will be subject to suit. The most equitable solution, it seems, would be an "opt-out" scheme that would essentially create a property interest in a spam-free e-mail account. By opting to establish such an account, users would draw a bright line that spammers can see. Those who cross the line will be liable for significant damages and attorney fees. Section VII discusses how these spam-free accounts would be established and protected.

    4. If ISPs are having a difficult time eliminating spam, how will anti-spam legislation do any better?

  70. Admittedly, spammers are an elusive lot. They have been able to defeat filtering software, evade professional spam hunters, and use a host of tricks to shroud the origination point of their spam messages. Their deception, however, has been driven by the perverse cost-benefit scheme of Internet e-mail, where the spammer externalizes its advertising costs and is left to spam away at virtually no cost. Furthermore, the low marginal cost of sending each additional e-mail creates an incentive for spammers to send more spam. What results is an utterly inefficient system, where many users and ISPs are forced to absorb costs and annoyance while the overwhelming number of spam messages fall on unreceptive ears (or eyes).

  71. A comprehensive spam law should seek to correct these inefficiencies as a first step towards controlling spam. By allowing e-mail users to opt out of spam, the law would give these users a way to remove themselves from the cost-shifting and annoyance of spam. At the same time, spammers would not waste their time advertising to these recalcitrant consumers. Put another way, an opt-out scheme will not detract from the efficacy of spam because consumers who are open to spam will still receive it.

  72. An opt-out scheme would also simplify enforcement in two ways. First, it would reduce deceptive spamming. Because those consumers who do not opt out will have tacitly agreed to receive spam, spammers will no longer need to disguise their messages. Second, an opt-out scheme would create a discrete category of enforcement cases, i.e., those spammers that continue to send spam to "spam- free" accounts. This narrowing of the enforcement universe will allow consumers to focus resources on the true bad actors. Moreover, the opt-out scheme will make the plaintiff's case fairly easy. Consumers who decide to sue spammers will not have to prove fraud, deception, or other intent. Instead, the plaintiff's case would be reduced to showing that a particular spammer sent an e-mail to a user who had opted out.

  73. The preceding discussion still does not explain how individuals or the state will be able to link spamming to deceptive marketers. Although ISPs are stymied by spammers that "spoof," the ISP litigation proves that some companies have been able to find deceptive spammers.[298] Thus, at least some ISPs have the technology to hunt down some deceptive spammers. More importantly, an anti-spam law that provides a predictable cause of action and enticing damage awards would give ISPs more incentive to pursue spammers and develop better technology. Given the incentives and technology that are necessary to undertake anti-spam enforcement, ISPs must be at the center of any effective anti-spam law. In turn, that law must encourage ISPs by giving them the legal means to bring spammers to justice and to recover a level of damages that makes it worth their while to do so.

    VI. Five Options for Anti-Spam Legislation

  74. The preceding sections of this paper have discussed the need for anti-spam legislation, the interests it would serve, and the legal and policy issues it raises. Along the way, this discussion noted several recommendations for drafters of anti-spam legislation in Virginia. In summary, the Virginia law must: (1) be comprehensive and seek to regulate all types of unsolicited commercial e-mail or spam; (2) carry out the state's interests in preventing the shifting of costs to e-mail users and ISPs, protecting individual privacy, and restricting trespasses to the property of ISPs; (3) be narrowly-tailored to avoid First Amendment violations by directly advancing these government interests; (4) ensure that out-of-state spammers will be subject to suit in Virginia's courts; (5) seek to avoid Dormant Commerce Clause issues by providing notice and keeping a Virginia-specific focus; (6) promote Virginia's self-styling as a haven for high-tech industry; (7) use market forces in the fight to reduce spam; (8) provide an array of enforcement methods to ensure that ISPs, individuals, and government can all take action against spammers that violate the law; and (9) encourage ISPs to use their technology and resources to pursue bulk e-mailers.

  75. This section evaluates several options for regulating spam that have been proposed by state legislators,[299] members of Congress,[300] and commentators. Guided by the nine principles listed above, this section assesses the viability and effectiveness of each option. After concluding that each of these options either does not go far enough or suffers from other infirmities, Section VII of this paper presents a model scheme for a Virginia anti-spam law. This model scheme incorporates several ideas proposed by the other options, but also includes some novel approaches.

    A. Option 1: Prohibition Approach

  76. The most restrictive scheme proposed thus far is a total ban on unsolicited commercial e-mail.[301] A more popular approach is to prohibit e-mail solicitation unless the recipient has consented to receive such solicitations or has a preexisting business relationship with the sender.[302] The positive aspects of these prohibition schemes are that they would ban all kinds of spam and protect a wide range of state interests, because any person could seek redress for spamming violations.

  77. These broad schemes, however, pose some problems. Although Destination Ventures held that the First Amendment does not prevent Congress from banning commercial speech entirely from a particular means of communication based on cost-shifting concerns,[303] the Supreme Court has not explicitly approved such a complete ban. The Court has, however, approved a federal scheme whereby individuals could opt out of receiving postal junk mail.[304] In contrast, the prohibition schemes involved here require e-mail users to consent, or opt in, to receive spam; thus, they may be more susceptible to First Amendment challenges. In addition, because the state prohibition schemes all fail to notify the sender of the recipient's domicile in a particular state, they would probably confront the Dormant Commerce Clause concerns raised in American Libraries.[305] Finally, these schemes fail to take advantage of useful market forces. Specifically, they may come up short because they do not give ISPs a special role in enforcing anti-spam prohibitions. Such concerns would be better addressed by a different anti-spam regime.

    B. Option 2: Labeling Spam as Spam

  78. In a variation of Option 1, several legislators have proposed,[306] and one state has adopted,[307] laws that require all unsolicited commercial e-mail to identify itself as such in the header of the e-mail transmission. The majority of these bills propose a ban on spam, but exclude messages that provide an identifier in the e-mail header. The remainder of the proposals require all unsolicited e-mails to identify themselves as advertisements.

  79. Nevada Senate Bill 13,[308] which became law in July 1997, embodies the former approach. Section 7 of the Bill provides that a person who transmits an e-mail advertisement is liable to the recipient for civil damages unless the recipient has consented, has a preexisting business or personal relationship with the sender, or "the advertisement is readily identifiable as promotional, or contains a statement providing that it is an advertisement."[309] In addition, the e-mail must provide the sender's geographic and e-mail addresses and notify the recipient that he or she can decline further solicitations.[310] Other proposals were more specific, requiring a statement in "the first item of text" that the e-mail is an advertisement,[311] or requiring the word "advertisement" or "ADV" in the subject line of the message.[312]

  80. Supporters of the labeling approach point out that it enables recipients to filter unwanted e-mails without banning spam outright.[313] In addition, this approach would place fewer restraints on commercial speech and reduce the burden on ISPs to do blocking and filtering.[314] It would also impose minimal costs on spammers[315] and make compliance easy. The central problem with the labeling approach, however, is that it would not reduce the avalanche of e-mail that currently engulfs ISPs' computer systems.[316] Of course, individual users could easily delete the clearly-labeled messages, but the spam would continue to gobble up disk space and clog ISP's computer systems. Thus, despite its positive aspects, the labeling approach is an incomplete solution because it fails to address one of the central problems posed by spam.

    C. Option 3: Anti-Fraud Approach

  81. The second state anti-spam bill to become law takes an anti-fraud approach. Enacted in March of 1998, Washington House Bill 2752 prohibits the transmission of commercial e-mail to Washington citizens if the e-mail either: (1) uses a third-party domain name without permission or otherwise disguises the true point of origin of the e-mail; or (2) contains false or misleading information on the e-mail's subject line.[317] The benefits of this approach are that it would further the traditional state interest in protecting individuals and businesses from fraud, and would not be burdensome for honest marketers. The Washington approach would also avoid First Amendment infirmities because the Constitution does not protect deceptive commercial speech.[318] Finally, by forcing accurate addresses, this approach would potentially enable filtering technology to block unwanted e-mail.[319]

  82. This last point notwithstanding, the Washington approach simply does not go far enough to reduce the problems caused by spam.[320] In particular, it comes up short in its reliance on technology as the ultimate solution. Given the spammers' ability to circumvent current blocking software, they are likely to develop new, non-fraudulent methods. For example, spammers may be able to transmit their advertising via anonymous "remailers."[321] Moreover, requiring individuals to buy spam-blocking software simply shifts costs to them in a different way than spamming currently does.[322] Finally, like Option 2, this approach would not significantly reduce the overall amount of spam clogging ISP's systems because non-fraudulent spam would remain unregulated. In short, prohibiting "spoofed" spam is only a partial solution at best.

    D. Option 4: Spamming as Trespass

  83. As of this writing, California Assembly Bill 1629[323] has passed the Assembly and is awaiting signature by Governor Pete Wilson.[324] This Bill and a copycat proposal in Alaska[325] are alone among the anti-spam proposals because they are based on the trespass theory developed in cases such as CompuServe Inc. v. Cyber Promotions, Inc.[326] and Earth Link Network, Inc. v. Cyber Promotions Inc.[327] The California Bill essentially classifies spammers as electronic trespassers.[328] Under the Bill, an "electronic mail service provider" may bring an action for damages against any party that violates its policy against "unsolicited electronic mail advertisements."[329] Much like the bills discussed in Option 1, an "unsolicited electronic mail advertisement" is defined as any electronic mail message that seeks to promote the sale of goods and services and is sent to a recipient that has not consented to the solicitation and does not have a preexisting business or personal relationship with the sender.[330] A violation of the law occurs whenever a party uses the service provider's equipment "located in this state" in violation of the provider's spam policy.[331] To prove a violation, the service provider must establish that the defendant had notice of both the provider's policy and the fact that the defendant's spam would use the provider's equipment in California.[332]

  84. The California approach is innovative and achieves many of the objectives that this paper suggests for effective anti-spam legislation. First, the Bill's focus on trespass avoids free speech concerns because the First Amendment is not a defense to trespass.[333] Second, the trespass approach should also minimize the Dormant Commerce Clause concerns raised in American Libraries because trespass is a quintessentially local issue, and the California Bill ensures that out-of-state spammers will be liable only when they have notice of the ISP's location and anti-spam policy. The third favorable aspect of the California approach is that it places ISPs in the lead enforcement role. By empowering ISPs, the bill reduces government intrusion into the Internet[334] while also placing the enforcement responsibility with the parties that are most motivated and best equipped to pursue spammers. Finally, the California approach uses market forces in the fight against spam. Because the law would not ban spam, ISPs may choose to deliver junk mail to their customers and seek compensation from spammers.[335] This compensation, in turn, could subsidize lower on-line charges for subscribers.[336]

  85. In sum, the California approach seems the best of the lot. Still, it could be better in two ways. First, it provides no recourse for e-mail users whose ISPs choose not to pursue spammers or even issue an anti-spam policy. Of course, users can always change service providers, but in doing so they will incur the expense and inconvenience of opening a new e-mail account. The result would be just the type of cost-shifting that anti-spam legislation seeks to eradicate in the first place. This shortcoming could be alleviated by combining the California trespass approach with a cause of action for e-mail users. The second weakness in the California law is its notice requirements. The requirement of "actual knowledge" is problematic in that it could encourage spammers to practice "willful blindness" by not attempting to learn about ISPs' anti-spam policies or the location of ISPs' computer equipment. The Virginia law should incorporate a notice provision that avoids the willful blindness problem while also ensuring due process.

    E. Option 5: Opt-Out Approaches

  86. Several state legislators have proposed "opt-out" schemes that allow e-mail users[337] and ISPs[338] to shield themselves from spam transmissions. California Assembly Bill 1676 is typical of this approach. The bill requires that every sender of unsolicited commercial e-mails maintain a toll-free number or e-mail account where recipients can tell the sender not to spam them anymore.[339] All spam must also include a statement notifying the recipient about the toll-free number or e-mail account.[340] An approach introduced in the Virginia House would prohibit ISPs from selling or releasing the names and addresses of their subscribers without consent.[341] In seeking this consent, the ISP is required to determine the types or categories of unsolicited e-mail -- including pornography, get-rich-quick schemes, and sales promotions -- that the subscriber does not wish to receive.[342]

  87. Opt-out schemes provide a good framework for effective anti-spam laws, but only when they will actually work. The user opt-out schemes discussed above will most likely be ineffective because spammers have been notoriously deceptive about user requests to be removed from mailing lists. Moreover, even if the spammer heeds the user's request, the user's e-mail address has most likely been passed on to other spammers through mailing list brokers. Given these problems, opt-out schemes of this type will not relieve the spam problem and should not be emulated. In contrast, user opt-out schemes that rely on the ISP, and not the spammer, have a greater chance of success. Thus, to some extent, the Virginia proposal is a step in the right direction. Nevertheless, it suffers from the same problems as the other user opt-out schemes. It is unlikely to keep e-mail addresses off mailing lists because there are a multitude of ways to harvest addresses from the Internet. Moreover, the Virginia proposal would do nothing to help users whose e-mail addresses are already on such mailing lists.

  88. Opt-out schemes for ISPs are a different story. The trespass-based proposals in California and Alaska are one type of opt-out scheme for ISPs, but a bill introduced in New Hampshire takes a different tack. That bill would allow an ISP to opt-out of junk e-mail by registering with the state to become a "restricted solicitation electronic mail provider."[343] The ISP essentially opts out for all of its subscribers because the bill would create a presumption that any e-mail address served by a restricted solicitation provider does not wish to receive spam.[344] The proposal would make it an offense to send unsolicited commercial messages to such e-mail addresses, unless the provider designates the address as one that is open to spam.[345]

  89. California Assembly Bill 1629 (discussed in Option 4 above) is an approach that combines the best aspects of an opt-out scheme with an innovative trespass approach. As mentioned, the California approach will make up one component of the model Virginia anti-spam legislation proposed in this paper. The model legislation will also incorporate aspects of the New Hampshire registration scheme to cure weaknesses in the notice provisions of the California Bill.

    VII. Model Virginia Anti-Spam Legislation: The E-Mail Property and Privacy Protection Act of 1998

  90. The attached bill -- The E-Mail Property and Privacy Protection Act of 1998 ("the Act") -- would create a comprehensive scheme to address the spam problem in Virginia. Specifically, the Act would create causes of action for ISPs, users, and the government, to prevent cost-shifting, trespasses to property, and invasions of privacy. In addition, the Act would prohibit "spoofing" and attach criminal sanctions to such violations. Each section of the Act also ensures that service providers will not be liable for acting as an intermediary in the delivery or transmission of spam that violates the Act.

  91. The central provision of the Act, § 8.01-40.3(B), provides a cause of action for ISPs against spammers. Based on California Assembly Bill 1629, this provision would allow ISPs with equipment in Virginia to sue spammers when they trespass on that equipment. To qualify to use this cause of action, an ISP must first develop an anti-spam policy and register it with the Attorney General. In turn, the Attorney General's office will maintain a Web page that lists the registered ISPs and either displays their anti-spam policies or provides a link to individual ISP Web pages where the policies are available. To ensure that spamming does not shift enforcement costs to ISPs, the Act allows them to recover attorney fees as part of damages. As discussed earlier, this trespass approach should minimize First Amendment and Dormant Commerce Clause concerns. Also, the registration/Web page requirement draws on the New Hampshire proposal to ensure that spammers will have proper notice of Virginia's law. Furthermore, by putting ISPs at the center of the enforcement scheme, this approach takes advantage of the fact that ISPs have the greatest incentive and the most resources to battle the spam problem. At the same time, the Act would not ban spam; ISPs are free to receive spam if they want and may choose to charge a fee to spammers, thereby defraying operating costs.

  92. The Act also recognizes that not all ISPs will adopt anti-spam policies or prosecute spammers. To address this concern, § 8.01-40.3(C) of the Act creates an "opt-out" scheme and a corresponding cause of action for individual e-mail users. Virginia e-mail subscribers whose ISPs do not prohibit spam will be able to obtain a "spam-free" ("unsolicited commercial e-mail-free") code in the e-mail address issued to them by their ISPs. The Act will require every non-registered ISP to provide a "UCE-free" code upon request. Spammers that violate the law by sending unsolicited commercial e-mail to "UCE-free" accounts will be subject to a suit for damages of $1000 per message and attorney fees. To ensure that the holders of "spam-free" accounts are actually Virginia residents, the Act allows for an affirmative defense if the defendant can prove that the plaintiff was not domiciled in Virginia at the time of the offending transmission. The Act's opt-out scheme will provide users with an effective way to fight spam without imposing an overall ban. Because this scheme is consistent with Rowan, it should avoid First Amendment problems. Furthermore, it should also pass muster under the Dormant Commerce Clause because it is Virginia-specific and provides clear notice, through the e-mail address itself, that the potential spam recipient resides in Virginia.

  93. The third major provision of the Act, § 18.2-216.2, is a prohibition on "spoofing," or using fraudulent e-mail return addresses or domain names. This provision will reside in Article 8 of the Virginia criminal code, which concerns misrepresentations and other offenses connected with sales. Defendants who violate this provision by misusing e-mail addresses or domain names will be subject to criminal prosecution by the Attorney General. In addition, any person aggrieved by such violations may seek civil damages of $1000 per incident and attorney fees. This provision would also allow the court to award treble damages for knowing violations. In concert with the other parts of the Act, this provision's strict sanctions should help deter the fraudulent and deceptive practices used by spammers.

  94. The E-Mail Property and Privacy Protection Act of 1998 would put Virginia on the cutting edge of anti-spam legislation. Moreover, the Act would be an important step in the direction of making the Commonwealth a haven for high-tech industries. The Act's comprehensive approach would protect ISPs and individual users while placing the costs of advertising where they belong -- with the advertiser. The Act also recognizes that regulation, and not prohibition, is the best way to control spam. Its regulatory scheme will stem the tide of spam, protect ISPs' equipment and services, reduce invasions of privacy, and thereby protect the integrity of a valuable, but threatened, mode of communication.

    VIII. Appendix: The E-Mail Property and Privacy Protection Act of 1998

    A BILL to amend the Code of Virginia by adding sections numbered § 8.01-40.3 and § 18.2-216.2 relating to trespass to Internet Service Providers, "unsolicited commercial e-mail-free" electronic mail accounts, and misuse of Internet e-mail addresses and domain names.
    Be it enacted by the General Assembly of Virginia:



[1] See Johanna Bennett, Should Spam Be Banned?, DOW JONES NEWS SERVICE, July 21, 1998 at 11:40 ("It's reviled. It's annoying. It's cyberclutter of the most detestable sort."); Hotmail Corp. v. Van$ Money Pie Inc., 1998 WL 388389 *1 (N.D. Cal 1998) (the transmission of unsolicited commercial e-mail is widely condemned in the Internet community).

[2] CompuServe Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015, 1018 (S.D. Ohio 1997); Bennett, supra note 1, at 11:40; Hotmail, 1998 WL 388389 at *1. The term "spam" may have first been used to describe the practice of repeatedly making the same point in rapid succession to dominate play in multiple user domains (MUDs). Mary M. Luria, Controlling Web Advertising: Spamming, Linking, Framing, and Privacy, COMPUTER LAW., Nov. 1997, at 10. The term most likely originates from a Monty Python skit where diners in a restaurant repeat the word "spam" ad nauseam because spam is an ingredient of every dish on the menu. Joshua A. Marcus, Commercial Speech on the Internet: Spam and the First Amendment, 16 CARDOZO ARTS & ENT. L. J. 245, 247 (1998) (citing Monty Python's Flying Circus: Episode 25 (BBC television broadcast, Dec. 15, 1970)).

[3] Sara Fisher, Spam Catchers Wage an Ever Vigilant War on Junk E-Mail, SAN DIEGO BUS. J., Apr. 20, 1998, at 6.

[4] Best and Worst of 1997, INTERNET WORLD, Jan. 1998, at 62.

[5] Bennett, supra note 1, at 11:40.

[6] See, e.g., James Evans, Putting the Lid on Junk E-Mail, INTERNET WORLD 15, 15 (Sept. 1997).

[7] See Susan E. Davis, Read This and It Will Change Your Life!, CAL. LAW., June 1997, at 48; America OnLine Announces "AOL's 10 Most Wanted Spammer List," BUS. WIRE, March 5, 1998, at 15:44.

[8] See Davis, supra note 7, at 48; Gus Venditto, Killing the Goose, INTERNET WORLD 10, 10 (Dec. 1997); Bennett, supra note 1, at 11:40; America OnLine Announces "AOL's 10 Most Wanted Spammer List," supra note 7, at 15:44 (listing spammers and sample texts from e-mails).

[9] See Hotmail Corp. v. Van$ Money Pie Inc., 1998 WL 388389 *1 (N.D. Cal 1998).

[10] See Michael W. Carroll, Garbage In: Emerging Media and Regulation of Unsolicited Commercial Solicitations, 11 BERKELEY TECH. L. J. 233, 234 (1996).

[11] Luria, supra note 2, at 11; see Bennett, supra note 1, at 11:40.

[12] See Bennett, supra note 1, at 11:40.

[13] See id.

[14] See infra notes 50-59 and accompanying text.

[15] See James Evans, Mail Overload: Spam Haters Fight Back, INTERNET WORLD, Dec. 1997, at 55.

[16] See infra notes 105-11 and accompanying text.

[17] See Sandra Brown Kelly, Internet Providers Band Together to Handle Cyber Issues, ROANOKE TIMES & WORLD NEWS, Aug. 25, 1998, at A5. Kathleen Sachs, who leads the Alliance, estimates that there may be as many as 400 ISPs in Virginia. Id.

[18] See infra notes 90-93 and accompanying text.

[19] See infra note 75 and accompanying text.

[20] See Richard C. Lee, Cyber Promotions, Inc. v. America OnLine, Inc., 13 BERKELEY TECH. L. J. 417, 428 (1998); Carroll, supra note 10, at 234.

[21] ACLU v. Reno, 929 F. Supp. 824, 830-32 (E.D. Pa. 1996); American Libraries Ass'n v. Pataki, 969 F. Supp. 160, 164 (S.D.N.Y. 1997).

[22] Cyber Promotions, Inc. v. America Online, Inc., 948 F. Supp. 436, 439 (E.D. Pa. 1996); ACLU, 929 F. Supp. at 830-32.

[23] ACLU, 929 F. Supp. at 830-32; American Libraries, 969 F. Supp. at 164.

[24] American Libraries, 969 F. Supp. at 164.

[25] See Shea v. Reno, 930 F. Supp. 916 (S.D.N.Y. 1996); Marcus, supra note 2, at 289.

[26] See Computer Expert Urges Rewrite of Junk E-mail Measure in Senate, LAS VEGAS REV.-J., April 12, 1997, at 6B (distinguishing e-mail as a "sender-push" technology, as opposed to "receiver-pull" technologies like the World Wide Web); Marcus, supra note 2, at 246.

[27] See Marcus, supra note 2, at 246.

[28] See id.; Computer Expert Urges Rewrite of Junk E-mail Measure in Senate, supra note 26, at 6B.

[29] See Cyber Promotions, 948 F. Supp. at 439; Anne E. Hawley, Taking Spam out of Your Cyberspace Diet: Common Law Applied to Bulk Unsolicited Advertising Via Electronic Mail, 66 UMKC L. REV. 381, 390 (1997).

[30] See American Libraries, 969 F. Supp. at 164-65.

[31] See id.; ACLU v. Reno, 929 F. Supp. 824, 833 (E.D. Pa. 1996).

[32] American Libraries, 969 F. Supp. at 164-65.

[33] See William S. Byassee, Jurisdiction of Cyberspace: Applying Real World Precedent to the Virtual Community, 30 WAKE F. L. REV.197, 201 n.17 (1995). To obtain initial access to the Internet, a service provider must obtain an Internet address and domain name from IANA, a clearinghouse that assigns Internet addresses and domain names. Cyber Promotions, 948 F. Supp. at 439.

[34] Byassee, supra note 33, at 201 n.17.

[35] See H.B. 2752 § 2, 55th Legis. (Wash. 1998) (enacted) (defining "Internet domain name").

[36] See American Libraries, 969 F. Supp. at 165.

[37] See id.

[38] See Davis, supra note 7, at 48.

[39] See id.

[40] See id.

[41] See Fisher, supra note 3, at 6; Evans, supra note 15, at 55.

[42] See Evans, supra note 15, at 55.

[43] See Davis, supra note 7, at 48; Venditto, supra note 8, at 10; Bennett, supra note 1, at 11:40.

[44] See Evans, supra note 15, at 55.

[45] See Evans, supra note 15, at 55; Fisher, supra note 3, at 6; People v. Lipsitz, 663 N.Y.S.2d 468, 471 (1997); CompuServe Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015, 1019 (S.D. Ohio 1997). But see Lee, supra note 20, at 426-27 (noting that the largest ISPs have introduced flat-rate pricing and the "vast majority" of Internet users now pay flat-rates). A recent on-line report also indicates that, although many e-mail users find unwanted e-mail annoying, the majority simply deletes the unwanted mail and does not consider them to be an invasion of privacy or a serious time or financial burden. See id.

[46] See Bennett, supra note 1, at 11:40.

[47] See id.

[48] See Venditto, supra note 8, at 10; Evans, supra note 15, at 55; Fisher, supra note 3, at 6; Luria, supra note 2, at 11. Although it seems clear enough that spammers are getting a free ride, there is some dispute over who pays the costs. Some Internet users have charged that ISPs simply pass their costs to subscribers. See Ian Zack, "Digital Terrorist" Still Battling Spam, ROANOKE TIMES & WORLD NEWS, Dec. 22, 1997, at C1. ISP supporters counter that, given the stiff competition in the ISP market, ISPs are more likely to absorb costs and a slimmer profit margin rather than risk losing their subscribers. See Lee, supra note 20, at 427; Venditto, supra note 8, at 10. In any case, what remains clear is that spammers are externalizing their advertising costs. It seems reasonable to posit that some costs will be absorbed by ISPs that seek to retain their market share, whereas other costs will be passed on to consumers because all ISPs are forced to absorb the same spam-related costs.

[49] See CompuServe Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015, 1018 (S.D. Ohio 1997).

[50] See Nick Wingfield, Silicon Valley Lawyer Looks for Legislative Win over Spam, DOW JONES NEWS SERVICE, Mar. 9, 1998, at 18:56; Fisher, supra note 3, at 6.

[51] See People v. Lipsitz, 663 N.Y.2d 468, 471 (1997); Cyber Promotions, Inc. v. America Online, Inc., 948 F. Supp. 436, 446 (E.D. Pa. 1996); Evans, supra note 6, at 15; Fisher, supra note 3, at 6.

[52] See Evans, supra note 6, at 15.

[53] See Lee, supra note 20, at 427; see also Venditto, supra note 8, at 10; Evans, supra note 15, at 55; Luria, supra note 2, at 11.

[54] See Luria, supra note 2, at 11.

[55] See id.

[56] See Fisher, supra note 3, at 6; Evans, supra note 15, at 55.

[57] See Fisher, supra note 3, at 6. One ISP, Earthlink, estimates that it has lost hundreds of thousands of dollars due to services, staff, and legal fees dedicated to spam-fighting. Id. Another casualty of the spam wars is legitimate e-mail. For example, Ameritech.net recently blocked all e-mails from AOL after spammers sent messages to AOL customers that falsely listed Ameritech.net as the sender's domain name. Swamped By Spam, Ameritech.net Blocked E-Mail From AOL, DOW JONES NEWS SERVICE, July 28, 1998, at 14:56. AOL automatically rejected the spam messages and returned them to Ameritech.net. Id. Because Ameritech feared that their systems would be jammed, it chose to delay much of the e-mail coming from AOL. Id.

[58] See Bennett, supra note 1, at 11:40.

[59] See Evans, supra note 15, at 55.

[60] See Davis, supra note 7, at 48; Fisher, supra note 3, at 6 (quoting Earthlink's Steve Dougherty as saying "Spammers are like roaches. As soon as you get rid of them in one place, they'll swarm the house next door.").

[61] See, e.g., Evans, supra note 15, at 55; Davis, supra note 7, at 48.

[62] See Evans, supra note 15, at 55.

[63] Davis, supra note 7, at 56.

[64] See id. at 48.

[65] See Evans, supra note 15, at 55.

[66] Id.

[67] See Davis, supra note 7, at 56.

[68] See Evans, supra note 15, at 56-57.

[69] See id.; Evans, supra note 6, at 15.

[70] For example, SPAM Attack Pro 2.0, which filters bogus e-mail from a list of 1,500 known solicitors, is available for $29.95. Evans, supra note 6, at 15.

[71] See Evans, supra note 15, at 55; People v. Lipsitz, 663 N.Y.S.2d 468, 471 (1997).

[72] See Carroll, supra note 10, at 254-56; Hawley, supra note 29, at 388.

[73] Evans, supra note 6, at 15.

[74] See Evans, supra note 15, at 55.

[75] Zack, supra note 48, at C1. In August, 1997, McClain-Furmanski and a group of Internet users erased thousands of messages sent from customers of UUNet Technologies (Falls Church, Va.), one of the nation's largest ISPs. See id. In November, the group struck again, issuing a UseNet Death Penalty to CompuServe. See id. Both companies have responded by promising to take additional measures to crack down on spam. See id.

[76] See Hawley, supra note 29, at 388; Carroll, supra note 10, at 254-56.

[77] See Carroll, supra note 10, at 254-56.

[78] See Hawley, supra note 29, at 388.

[79] Evans, supra note 6, at 16.

[80] See, e.g., People v. Lipsitz, 663 N.Y.S.2d 468, 471 (1997).

[81] See CompuServe, Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015, 1017 (S.D. Ohio 1997); Carroll, supra note 10, at 237, 268.

[82] See Fisher, supra note 3, at 6.

[83] See id. After shutting down the account of one spammer, Earthlink's spam catchers noted that "He'll be back as soon as he can open another account . . . . All it takes is another credit card, another name or another way to sneak by us. This is a real cat-and-mouse game." Id.

[84] See John Simons, Various Firms, Groups to Offer Ways to Curb Unsolicited E-Mail on the Internet, WALL ST. J., July 14, 1998, at B6; Wingfield, supra note 50, at 18:56; Evans, supra note 15, at 57-58; Lee, supra note 20, at 429.

[85] See Evans, supra note 15, at 57-58. "Technology solutions won't work because it's so cheap to send spam," says Paul Hoffmann of the Internet Mail Consortium. "It costs less than one cent per message, and marketers are willing to pay one cent to get around all the filters." Id.

[86] AOL has said that the real problems are e-mail fraud and the tricks spammers use to avoid filtering technology. See Bennett, supra note 1, at 11:40.

[87] See Evans, supra note 15, at 55; CompuServe Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015, 1019 (S.D. Ohio 1997).

[88] See Bennett, supra note 1, at 11:40.

[89] See People v. Lipsitz, 663 N.Y.S.2d 468, 471 (1997); Evans, supra note 15, at 56-57.

[90] See, e.g., America OnLine Announces "AOL's 10 Most Wanted Spammer List," supra note 7, at 15:44; Spammer on AOL's 10 Most Wanted List Backs Down, supra note 90, at 10:45; CompuServe, 962 F. Supp. at 1019; Nick Wingfield, "Spammer" Settles Suit With Internet Firm Earthlink for $2 Million, DOW JONES ONLINE NEWS, Mar. 30, 1998, at 22:54.

[91] America OnLine Announces "AOL's 10 Most Wanted Spammer List," supra note 7, at 15:44. "We look forward to taking them on one at a time," said AOL's CEO, Steve Case.

[92] See, e.g., Wingfield, supra note 90, at 22:54 (describing $2 million consent judgment between Earthlink and Cyber Promotions, Inc. that also requires Cyber to pay a $1 million fine if it spams Earthlink subscribers again or forges Earthlink addresses on his e-mails); Spammer on AOL's 10 Most Wanted List Backs Down, supra note 90, at 10:45 (reporting that Springdale Publications agreed permanently to end its practice of sending spam to AOL members); America OnLine Announces "AOL's 10 Most Wanted Spammer List," supra note 7, at 15:44 (noting AOL judgment against Prime Data Worldnet Systems, Inc., and settlement including a permanent injunction with Squeaky Clean Marketing).

[93] Wingfield, supra note 90, at 22:54 (reporting that Wallace speculated he had spent $500,000 in legal fees since 1996 and that lawsuits had paralyzed his business).

[94] For example, Earthlink's "spam catchers" have concluded that legislation is the only way to put an end to the spam problem. See Fisher, supra note 3, at 6. AOL has also announced that it may seek federal legislation. See America OnLine Announces "AOL's 10 Most Wanted Spammer List," supra note 7, at 15:44.

[95] See Lee, supra note 20, at 428.

[96] Id.

[97] See Fisher, supra note 3, at 6.

[98] Bresner et al., supra note 4, at 62.

[99] Venditto, supra note 8, at 10; see also CompuServe Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015, 1018 (S.D. Ohio 1997).

[100] See CompuServe, 962 F. Supp. at 1018.

[101] See Bennett, supra note 1, at 11:40.

[102] See Tim Jackson, Spammer in the Works, FINANCIAL TIMES, Mar. 16, 1998, at 14.

[103] See id.

[104] Evans, supra note 6, at 16.

[105] Marcus, supra note 2, at 250-51; See Carroll, supra note 10, at 234.

[106] See generally Marcus, supra note 2, at 251.

[107] Carroll, supra note 10, at 234.

[108] See Venditto, supra note 8, at 10.

[109] Id.

[110] Id. Some users have also complained that spam is a waste of the finite bandwidth through which all Internet communications flow. See Simons, supra note 84, at B6.

[111] See Carroll, supra note 10, at 234.

[112] See Fisher, supra note 3, at 6; America OnLine Announces "AOL's 10 Most Wanted Spammer List," supra note 7, at 15:44.

[113] See infra notes 299-345 and accompanying text.

[114] See infra notes 300, 302, 306, and 317.

[115] See infra notes 299-345 and accompanying text.

[116] Destination Ventures, Ltd. v. FCC, 46 F.3d 54, 56 (9th Cir. 1995).

[117] This interest, which is a "scarcity" interest, Carroll, supra note 10, at 237, could also apply in the spam context because ISPs assert that spam transmissions clog up their computers and hinder the flow of desired e-mails. Because these effects are so bound-up with cost-shifting to ISPs, the government's interest in preventing the overburdening of computer hardware is probably best expressed as a cost-shifting interest.

[118] See CompuServe Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015, 1018-21 (S.D. Ohio 1997); Cyber Promotions, Inc. v. America Online, Inc., 948 F. Supp. 436, 456 (E.D. Pa. 1996).

[119] See Carroll, supra note 10, at 277; see also Lee, supra note 20, at 426-27.

[120] See Bolger v. Youngs Drug Products Corp., 463 U.S. 60, 72 (1983) (striking down a federal effort to ban potentially offensive and intrusive direct-mail advertisements for contraceptives); see also infra notes 132-36, 168-72 and accompanying text. Of course, a proponent of an anti-spam measure could make a reasonable argument that flat fee users suffer cost-shifting as ISPs' increased costs are passed on to all users through their monthly fees. In any case, however, courts are likely to give less weight to the government's interest in protecting these consumers.

[121] See, e.g., Florida Bar v. Went For It, Inc., 515 U.S. 618, 625 (1995).

[122] Because the law tends to give business privacy interests less weight than the interests of individuals in their homes, cost-shifting was a more useful rationale to assert in the context of the federal fax law. See Carroll, supra note 10, at 250.

[123] Florida Bar, 515 U.S. at 625.

[124] Id.

[125] See id.

[126] Rowan v. United States Post Office Dep't, 397 U.S. 728 (1970).

[127] Id. at 736.

[128] See id.

[129] Id. at 736-37.

[130] See id. at 737.

[131] See id.

[132] Bolger v. Youngs Drug Products Corp., 463 U.S. 60 (1983).

[133] Id. at 72.

[134] Id.

[135] See Carroll, supra note 10, at 243-44.

[136] See id. at 243-44.

[137] See, e.g., Florida Bar, 515 U.S. at 625; Moser v. FCC, 46 F.3d 970, 974 (9th Cir. 1995).

[138] Moser, 46 F.3d at 973-75; see Carroll, supra note 10, at 248-49.

[139] See Bates v. State Bar of Arizona, 433 U.S. 350, 383 (1977).

[140] See generally Simons, supra note 84, at B6.

[141] Rowan v. United States Post Office Dep't, 397 U.S. 728, 737 (1970).

[142] See Hotmail Corporation v. Van$ Money Pie Inc., 1998 WL 388389, at *6 (N.D. Cal 1998) (granting anti-spam preliminary injunction in part based on trespass theory); CompuServe Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015 (S.D. Ohio 1997) (issuing anti-spam preliminary injunction based solely on trespass theory); Earth Link Network, Inc. v. Cyber Promotions Inc., No. BC167502 (Cal. Super. Ct. Los Angeles Cty., May 7, 1997) (granting anti-spam injunction on trespass grounds); see also Thrifty-Tel, Inc. v. Bezenek, 46 Cal. App. 4th 1559, 1564-66 (1996) (holding that computer hackers were liable under trespass to chattel theory for using a confidential access code to break into a phone company's computer system and generate over 1,300 automated phone calls, thus tying up the system and denying use to some subscribers).

[143] 962 F. Supp. at 1017.

[144] See id. at 1017-19.

[145] See id. at 1019.

[146] See id.

[147] See id. at 1017.

[148] See id. at 1020.

[149] See id. at 1021(citing RESTATEMENT (SECOND) OF TORTS § 217(b)).

[150] Id. (citing RESTATEMENT (SECOND) OF TORTS § 217, cmt. e).

[151] See id. The court found that electronic signals were physically tangible enough to support a trespass cause of action. See id. (citing Thrifty-Tel, Inc. v. Bezenek, 46 Cal. App. 4th 1559, 1567 (1996)).

[152] See id.

[153] See id. at 1022. The court also found that Cyber's intrusions into CompuServe's subscriber base had damaged the company's good will and business reputation. See id. at 1023.

[154] See generally Hawley, supra note 29, at 396.

[155] Some commentators have suggested that individual e-mail users could maintain a trespass action against spammers based on the common law, See Hawley, supra note 29, at 395-96, or the Supreme Court's holding in Rowan; Steven E. Bennett, Note, Canning Spam: CompuServe, Inc. v. Cyber Promotions, Inc., 32 U. RICH. L. REV. 545, 561-62 (1998). In contrast to a trespass on ISPs, which occurs to their computer equipment, individual users would need to assert trespass to their e-mail accounts. See id.; Hawley, supra note 29, at 395-96. Although such a trespass seems plausible, it is certainly more of a stretch than trespass to computer hardware. In contrast to the harms ISPs suffer, individual users may have some difficulty proving the actual damage necessary to sustain a trespass action. Moreover, courts may be reluctant to accept an e-mail account as property. In any case, given the strong state interests in protecting individuals against cost-shifting and privacy invasions, establishing a link to trespass theory may be more trouble than its worth.

[156] See Marcus, supra note 2, at 256-57. At the outset, it should be noted that ACLU v. Reno, 929 F. Supp. 824 (E.D. Pa. 1996), aff'd, 117 S. Ct. 2329 (1997), most likely does not apply to e-mail. In striking down the Communications Decency Act on First Amendment grounds, the Court focused its free speech analysis on the Internet as a whole. See Bennett, supra note 155, at 566. E-mail, however, is unlike other aspects of the Web because using the Internet generally requires the user to take affirmative action to access information. See id.; see also supra notes 25-28 and accompanying text.

[157] Virginia State Bd. of Pharmacy v. Virginia Citizens Consumer Council, Inc., 425 U.S. 748 (1976).

[158] See Florida Bar v. Went For It, Inc., 515 U.S. 618, 623 (1995).

[159] See Board of Trustees of State University of New York v. Fox, 492 U.S. 469, 477 (1989).

[160] Florida Bar, 515 U.S. at 623.

[161] Central Hudson Gas & Elec. Corp. v. Public Serv. Comm'n of New York, 447 U.S. 557, 566 (1980).

[162] See id.

[163] See, e.g., Florida Bar, 515 U.S. at 623 (applying Central Hudson analysis to unsolicited advertising by attorneys).

[164] Central Hudson, 447 U.S. at 566.

[165] Edenfield v. Fane, 507 U.S. 761, 770-71 (1993).

[166] Destination Ventures, Ltd. v. FCC, 844 F. Supp. 632, 637 (D. Or. 1994), aff'd, 46 F.3d 54 (9th Cir. 1995). On appeal, the Ninth Circuit did not directly address the issue of whether the government's interest was substantial because the plaintiffs did not contest that it was. Destination Ventures, 46 F.3d at 55. The court went on to uphold a complete ban on unsolicited commercial faxes, sending the clear message that cost-shifting will suffice as a "substantial" government interest for First Amendment purposes. See id.; see also Marcus, supra note 2, at 296.

[167] See Carroll, supra note 10, at 243-44; see also Tillmann v. Distribution Sys. of America, Inc., 648 N.Y.S.2d 630 (1996) (holding that newspaper distributor did not have a First Amendment right to continue to deliver newspapers to a private home once the homeowner objected).

[168] Rowan v. United States Post Office Dep't, 397 U.S. 728 (1970).

[169] Id. at 737.

[170] For example, a district court in Cyber Promotions, Inc. v. America Online, Inc., 948 F. Supp. 436, 456 (E.D. Pa. 1996) stated:

[171] See Edenfield v. Fane, 507 U.S. 761, 770-71 (1993).

[172] CompuServe Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015 (S.D. Ohio 1997); see also Cyber Promotions, 948 F. Supp. at 456 (holding that spammers have no First Amendment right to invade another company's private property with e-mail advertisements).

[173] Central Hudson Gas & Elec. Corp. v. Public Serv. Comm'n of New York, 447 U.S. 557, 566 (1980).

[174] Board of Trustees of the State University of New York v. Fox, 492 U.S. 469, 480 (1989).

[175] See id.

[176] United States v. Edge Broadcasting Co., 509 U.S. 418, 434 (1993).

[177] Destination Ventures, Ltd. v. FCC, 46 F.3d 54, 57 (9th Cir. 1995).

[178] See Destination Ventures, Ltd. v. FCC, 844 F. Supp. 632, 637 (D. Or. 1994), aff'd, 46 F.3d 54 (9th Cir. 1995). Apparently, the issue was so clear-cut that the appellants decided not to contest it on appeal. And with good reason. By endorsing incremental efforts by governments, United States v. Edge Broadcasting Co. has for the most part emasculated the directly advance requirement. See Marcus, supra note 2, at 268-69.

[179] Destination Ventures, 46 F.3d at 55-56.

[180] See id. at 56.

[181] Id.

[182] See id.

[183] See id.

[184] In contrast to the third prong, this prong potentially has some bite. See City of Cincinnati v. Discovery Network, 507 U.S. 410 (1993) (striking down city ordinance that banned commercial newsracks from city streets as underinclusive because, given the city's goal of reducing blight and making sidewalks safer, non-commercial newsracks should have been banned also).

[185] Courts have recently held that spammers do not have a First Amendment right to send spam to nonconsenting ISPs. Cyber Promotions, Inc. v. America Online, Inc., 948 F. Supp. 436 (E.D. Pa. 1996); CompuServe Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015 (S.D. Ohio 1997). Both courts emphasized that the First Amendment was not triggered because no state action was involved. Cyber Promotions, 948 F. Supp. at 441; CompuServe, 962 F. Supp. at 1025-26. Although the passage of anti-spam legislation would qualify as state action and trigger the First Amendment, these decisions could presage the limited solicitude that courts may have for spammers.

[186] See H. Joseph Hameline & William Miles, The Dormant Commerce Clause Meets the Internet, 41 BOSTON B.J., Sept.-Oct. 1997, at 8; see also Peter Lewis, Spam on Trial, SEATTLE TIMES, June 7, 1998, at C1.

[187] "The Congress shall have Power ... [t]o regulate Commerce with foreign Nations, and among the several States." U.S. Const. art. I § 8.

[188] See City of Philadelphia v. New Jersey, 437 U.S. 617, 623 (1978); Gibbons v. Ogden, 22 U.S. (9 Wheat.) 1 (1824).

[189] See H.P. Hood & Sons, Inc. v. DuMond, 336 U.S. 525, 537-38 (1949).

[190] See City of Philadephia, 437 U.S. at 623-24.

[191] See Southern Pacific Co. v. Arizona, 325 U.S. 761, 767 (1945).

[192] Pike v. Bruce Church, Inc., 397 U.S. 137 (1970).

[193] See City of Philadephia, 437 U.S. at 624.

[194] Pike, 397 U.S. at 142.

[195] See id.

[196] See BMW of North America, Inc. v. Gore, 517 U.S. 559 (1996).

[197] Id. at 572.

[198] Id.

[199] See id.

[200] See id. at 572-73.

[201] American Libraries Ass'n v. Pataki, 969 F. Supp. 160, 161 (S.D.N.Y. 1997).

[202] See id. at 163.

[203] See id. at 169-70.

[204] See id. at 173-74.

[205] See id. at 175 (citing Healy v. The Beer Institute, 491 U.S. 324, 336 (1989)).

[206] See id.

[207] See id. at 177.

[208] See id.

[209] See id.

[210] See id.

[211] Courts generally use two tests in such cases: (1) a law is per se invalid if it discriminates against out-of-state commerce on its face, in practical effect, or in its purpose by imposing differential treatment; and (2) if the law is evenhanded, the Pike balancing test applies. See Chambers Med. Technologies of South Carolina, Inc. v. Bryant, 53 F.3d 1252, 1256 (4th Cir. 1995) (applying neither the first nor third tests used in American Libraries); Texas Manufactured Housing Ass'n, Inc. v. City of Nederland, 101 F.3d 1095, 1101 (5th Cir. 1996) (applying the same standard); Pic-A-State PA, Inc. v. Pennsylvania, 42 F.3d 175, 179 (3d Cir. 1994) (applying the third test in American Libraries, but not the first).

[212] BMW of North America, Inc. v. Gore, 517 U.S. 559 (1996).

[213] Id. at 572-73.

[214] Read broadly, the court's application of Gore would lead to the absurd result that if certain conduct is legal in Connecticut, then New York is barred from punishing the same conduct when undertaken by a Connecticut resident in New York. Clearly, the Supreme Court did not intend such a result.

[215] See Krantz v. Air Line Pilots Ass'n, International, 427 S.E.2d 326 (Va. 1993) (classifying a New Yorker's act of sending defamatory electronic messages as an act within the state of Virginia because the New Yorker's messages used a computer system based in Virginia); Calder v. Jones, 465 U.S. 783, 788-89 (1984) (upholding California jurisdiction over defamatory article published in Florida but intended to have effect in California where the defamed person resided). Although these cases were jurisdictional decisions, the same principles for defining out-of-state activity should apply in the Dormant Commerce Clause context.

[216] See American Libraries, 969 F. Supp. at 168 ("The unique nature of the Internet highlights the likelihood that a single actor might be subject to haphazard, uncoordinated, and even outright inconsistent regulation by states that the actor never intended to reach and possibly was unaware were being accessed."), 178-79.

[217] See Hameline & Miles, supra note 186, at 21.

[218] See American Libraries, 969 F. Supp. at 181.

[219] See id.

[220] See id.

[221] See Wabash, St. L. & P. Ry. Co. v. Illinois, 118 U.S. 557 (1886).

[222] See Southern Pac. Co. v. Arizona, 325 U.S. 761 (1945).

[223] See Bibb v. Navajo Freight Lines, Inc., 359 U.S. 520 (1959).

[224] See American Libraries, 969 F. Supp. at 182.

[225] Id. at 183.

[226] See id.

[227] See Pike v. Bruce Church, Inc., 397 U.S. 137 (1970).

[228] There is also a good argument that trespasses do not implicate the Dormant Commerce Clause because, by definition, the conduct and its effects occur in the forum state.

[229] See American Libraries, 969 F. Supp. at 165.

[230] Id. at 177.

[231] Id.

[232] Id. at 178.

[233] See id. at 178-79.

[234] Id. at 179.

[235] Id.

[236] See id. at 180.

[237] See id. at 181.

[238] The next section of this article demonstrates that asserting jurisdiction over out-of-state spammers will not pose significant problems in Virginia.

[239] See American Libraries, 969 F. Supp. at 178-79.

[240] See id.

[241] See Lewis, supra note 186, at C1.

[242] See id. Minnesota and Illinois, however, have aggressively pursued out-of-state advertisers and service providers who reach their citizens via the Internet. See American Libraries, 969 F. Supp. at 168.

[243] International Shoe Co. v. Washington, 326 U.S. 310, 316 (1945).

[244] Id.

[245] See id. at 319. The test of fundamental fairness often hinges on whether sufficient contacts with the state would make litigation reasonably anticipated. See Karin Mika & Aaron J. Reber, Internet Jurisdictional Issues: Fundamental Fairness in a Virtual World, 30 CREIGHTON L. REV. 1169, 1175-76 (1997). Reasonable anticipation of litigation is often assumed when the defendant purposely directs activities at the forum state. See Keeton v. Hustler Magazine, Inc., 465 U.S. 770, 781 (1984).

[246] "Specific jurisdiction" generally applies to individuals who commit torts in the forum state or to individual transactions that occur there. Mika & Reber, supra note 245, at 1172.

[247] See McGee v. International Life Ins. Co., 355 U.S. 220, 223 (1957).

[248] Hanson v. Denckla, 357 U.S. 235, 253 (1958).

[249] See Hess v. Pawloski, 274 U.S. 352, 356-57 (1927).

[250] See Burger King v. Rudzewicz, 471 U.S. 462, 472 (1985).

[251] See Mika & Reber, supra note 245, at 1173.

[252] See VA. CODE ANN. § 8.01-328.1 (Michie 1998).

[253] See John G. Kolbe, Inc. v. Chromodern Chair Co., 180 S.E.2d 664, 667 (Va. 1971); Brown v. American Broadcasting Co., Inc., 704 F.2d 1296, 1301 (4th Cir. 1983).

[254] Alton v. Wang, 941 F. Supp. 66, 67 (W.D. Va. 1996).

[255] See VA. CODE ANN. § 8.01-328.1.

[256] John G. Kolbe, 180 S.E.2d at 667.

[257] See VA. CODE ANN. § 8.01-328.1(A)(4).

[258] See VA. CODE ANN. § 8.01-328.1(A)(1).

[259] One point to keep in mind during this discussion is that anti-spam legislation could expand the long-arm statute if necessary, provided that due process requirements are still met. Thus, these three jurisdictional scenarios will be discussed with reference to the long-arm statute, but the real bottom line is due process.

[260] See VA. CODE ANN. § 8.01-328.1(A)(1).

[261] See VA. CODE ANN. § 8.01-328.1(A)(4).

[262] See id.

[263] Telco Communications v. An Apple a Day, 977 F. Supp. 404, 407 (E.D. Va. 1997).

[264] Id.

[265] See, e.g., Keeton v. Hustler Magazine, Inc., 465 U.S. 770 (1984); Heroes, Inc. v. Heroes Foundation, 958 F. Supp. 1 (D.D.C. 1996).

[266] See Mika & Reber, supra note 245, at 1177-79 (citing cases); but see Fallang v. Hickey, 532 N.E.2d 117 (Ohio 1988) (holding that Ohio had jurisdiction over out-of-state doctor who sent one defamatory letter into the state).

[267] Mika & Reber, supra note 245, at 1181 (citing cases); but see Maritz, Inc. v. Cybergold, Inc., 947 F. Supp. 1328, 1333 (E.D. Mo. 1996) (noting that the operator of an interactive Web site purposefully availed itself of business in Missouri by responding by e-mail to every request submitted by Internet users, including 131 messages sent to Missouri).

[268] Telco Communications v. An Apple a Day, 977 F. Supp. 404 (E.D. Va. 1997).

[269] Id. at 406.

[270] VA. CODE ANN. § 8.01-328.1(A)(4) (Michie 1992).

[271] Telco, 977 F. Supp. at 407 (quoting VA. CODE ANN. § 8.01-328.1(A)(3)).

[272] Krantz v. Air Line Pilots Ass'n, Int'l, 427 S.E.2d 326 (Va. 1993). In Krantz, the Virginia Supreme Court held that jurisdiction was proper over a non-resident defendant who posted defamatory statements about the plaintiff on his computer in New York. Id. at 329. The court found that the defendant's plan to interfere tortiously with the plaintiff's employment could not have been executed without recruiting other people to communicate his message to the plaintiff's prospective employer. See id. at 328. To this end, the defendant used a computer switchboard system called ACCESS, which was located in an office building in Herndon, Virginia. See id. The court concluded that the defendant's use of ACCESS to further his plan was "an act . . . in this Commonwealth" within the meaning of Virginia's long-arm statute. Id.

[273] See Telco, 977 F. Supp. at 408.

[274] See id.

[275] See id.

[276] See VA. CODE ANN. § 8.01-328.1(A)(3) (Michie 1992).

[277] Krantz, 427 S.E.2d at 328; Telco, 977 F. Supp. at 408.

[278] Although it seems reasonable to argue that invasions of privacy to Virginia residents occur in Virginia, such an argument is not water-tight. Problems may arise because it is hard to pinpoint the actual geographic location of a user's e-mail account. See American Libraries Ass'n v. Pataki, 969 F. Supp. 160, 170-71 (S.D.N.Y. 1997). For example, if a Virginia resident opens an e-mail account with a California ISP, does that user's e-mail account reside in Virginia, California, or elsewhere? Similar questions surface in the situation where a user accesses her account and receives spam while on vacation in Paris. See id. Because the state can assert cost-shifting as a rationale for protecting individuals from spam, these concerns are probably not critical.

[279] See Blumenthal v. Drudge, 992 F. Supp. 44, 54 (D.D.C. 1998) (presenting argument by notorious Internet reporter, Matt Drudge, that he was not subject to jurisdiction in the District of Columbia because he could not possibly know where the recipients of his Report reside when a typical e-mail address simply reads "janedoe@aol.com.").

[280] American Libraries, 969 F. Supp. at 170-71.

[281] See Mika & Reber, supra note 245, at 1175-76. There is also a legitimate argument that spammers should expect to be haled into court anywhere in the U.S. because their solicitations are purposefully aimed throughout the nation. See Keeton v. Hustler Magazine, Inc., 465 U.S. 770 (1984); Maritz, Inc. v. Cybergold, Inc., 947 F. Supp. 1328, 1333 (E.D. Mo. 1996).

[282] Contrast this approach with Minnesota's. The Web site posted by Minnesota's Attorney General warns all Internet users and providers that "[p]ersons outside of Minnesota who transmit information via the Internet knowing that information will be disseminated in Minnesota are subject to jurisdiction in Minnesota courts for violations of state criminal and civil laws." Mika & Reber, supra note 245, at 1169.

[283] The Coalition Against Unsolicited Commercial E-mail has stated that it would prefer federal legislation, California Bill Would Give Internet Firms More Power to Fight Spam, DOW JONES ON-LINE NEWS, Aug. 28, 1998, at 12:47, and AOL has expressed concern over backing state measures that could lead to a tangle of conflicting anti-spam laws. Wingfield, supra note 50, at 18:57.

[284] See Bennett, supra note 155, at 567-68.

[285] See J. Leffall, Gilmore Names 34 to Tech Unit, RICHMOND TIMES-DISPATCH C1 (Sept. 23, 1998) (describing Governor's Commission on Information Technology and the Commonwealth's goal of making high-tech companies feel like they need to be in Virginia).

[286] See id. (quoting Governor Gilmore as saying "I foresee creating policy that will bring solutions to certain misuse of the Internet.").

[287] Presumming Congress passes anti-spam legislation, it may, like the law banning unsolicited commercial faxes, preserve state regulations that are more restrictive than the federal law. See 47 U.S.C. § 227(e)(1) (1994).

[288] See Best and Worst of 1997, supra note 4, at 62; Evans, supra note 6, at 16 (reporting that NetCom On-Line Communications Services, Inc. fears FCC control and unnecessary censorship on the Internet); Bennett, supra note 1, at 11:40 (noting that a committee of consumer groups, advocacy organizations and major Internet companies, like AOL, Microsoft, and AT&T, issued a report to the FTC calling for industry self-regulation with minor federal oversight).

[289] See, e.g., Lee, supra note 20, at 430.

[290] See California Bill Would Give Internet Firms More Power to Fight Spam, supra note 283, at 12:47.

[291] See id.; Lee, supra note 20, at 426-27.

[292] See California Bill Would Give Internet Firms More Power to Fight Spam, supra note 283, at 12:47.

[293] See id.

[294] See Lee, supra note 20, at 426-27; but see Marcus, supra note 2, at 255 (advocating a law that would create a cause of action for spam recipients because they most often suffer the greatest injury from spamming).

[295] See Marcus, supra note 2, at 252.

[296] See supra notes 90-93 and accompanying text.

[297] See Marcus, supra note 2, at 290.

[298] See Hotmail Corporation v. Van$ Money Pie Inc., 1998 WL 388389 (N.D. Cal 1998); America OnLine Announces "AOL's 10 Most Wanted Spammer List," supra note 7, at 15:44.

[299] At present, legislators have introduced anti-spam legislation in at least eighteen states. Of these proposals, state bills in Washington and Nevada have become law, and a California bill has passed the Assembly and is awaiting signature by the governor. See infra notes 301-45 and accompanying text.

[300] At least three anti-spam proposals have been introduced in Congress. See Bennett, supra note 155, at 567-68; infra notes 302, 306, and 317.

[301] See S.B. 2022, 1997-98 Leg. Sess. (R.I. 1998) (introduced).

[302] See Netizen's Protection Act of 1997, H.R. 1748, 105th Cong. (1997); H.B. 5399, 1998 Reg. Sess. Gen. Assembly (Conn. 1998) (introduced); S.B. 283, 1997-98 Leg., 93rd Reg. Sess. (Wis. 1997) (introduced) (requiring consent and a previous business relationship); H.B. 4581, 181st Leg., 1997 Reg. Sess. (Mass. 1997) (introduced) (requiring preexisting business relationship).

[303] Destination Ventures, Ltd. v. FCC, 46 F.3d 54 (9th Cir. 1995).

[304] See Rowan v. United States Post Office Dep't, 397 U.S. 728 (1970).

[305] American Libraries Ass'n v. Pataki, 969 F. Supp. 160 (S.D.N.Y. 1997).

[306] See Unsolicited Commercial Electronic Mail Choice Act of 1997, S. 771, 105th Cong. (1997); S.B. 13, 69th Reg. Sess. (Nev. 1997) (enacted); H.B. 491, 20th Leg., 2d Sess. (Alaska 1998) (introduced); H.B. 2823, 90th Gen. Assembly, 1997-98 Reg. Sess. (Ill. 1998) (introduced); A.B. 6805, 220th Ann. Leg. Sess. (N.Y. 1997) (introduced); H.B. 1347, Sess. of 1998 (N.C. 1998) (introduced); H.B. 41, 1998 Reg. Sess. (Ky. 1998) (introduced); A.B. 295, 208th Leg. (N.J. 1998) (introduced).

[307] See A.B. 1676, 1997-98 Reg. Sess. (Cal. 1998) (passed by the Assembly).

[308] S.B. 13, 69th Reg. Sess. (Nev. 1997) (enacted). Critics of the Nevada law say that key aspects of the legislation were gutted after political pressure from the Direct Marketing Association. See Wingfield, supra note 50, at 18:56.

[309] S.B. 13 § 7, 69th Reg. Sess. (Nev. 1997) (enacted).

[310] See id.

[311] A.B. 6805, 220th Ann. Leg. Sess. (N.Y. 1997) (introduced); See also H.B. 41, 1998 Reg. Sess. (Ky. 1998) (introduced).

[312] A.B. 295, 208th Leg. (N.J. 1998) (reported from committee); A.B. 1676, 1997-98 Reg. Sess. (Cal. 1998) (passed by the Assembly).

[313] See David E. Sorkin, Unsolicited Commercial E-mail and the Telephone Consumer Protection Act of 1991, 45 BUFF. L. REV. 1001, 1029 (1997).

[314] See id.; Carroll, supra note 10, at 237, 275.

[315] See Carroll, supra note 10, at 237, 275.

[316] See Sorkin, supra note 313, at 1029.

[317] H.B. 2752, 55th Legis., 1998 Reg. Sess. (Wash. 1998) (enacted). A current bill in the U.S. Senate takes essentially the same approach. See Electronic Mailbox Protection Act, S. 875, 105th Cong. (1997); see also ACLU v. Miller, 1997 U.S. Dist. LEXIS 14972 (N.D. Ga. Aug. 7, 1997) (discussing a similar Georgia law).

[318] See Central Hudson Gas & Elec. Corp. v. Public Serv. Comm'n of New York, 447 U.S. 557, 566 (1980).

[319] See Carroll, supra note 10, at 237, 270.

[320] In fact, the original bill proposed in the Washington legislature would have adopted a prohibition on spam, similar to Option 1 discussed above, but it was watered down to its current state. See Lewis, supra note 186, at C1. The original proposal was diluted after lobbying by the Direct Marketing Association and the American Civil Liberties Union. See id. A Microsoft lobbyist said that she thought the law would stop Microsoft from using "legitimate marketing practices" to build new membership. Id.

[321] See People v. Lipsitz, 663 N.Y.S.2d 468, 471 (1997); Evans, supra note 15, at 56-57. At least one states attempt to prevent commercial and non-commercial anonymous e-mailing has been called into question on First Amendment grounds. See ACLU v. Miller, 1997 U.S. Dist. LEXIS 14972 (N.D. Ga. Aug. 7, 1997).

[322] See Evans, supra note 6, at 15 (listing cost of certain spam-blocking software at $29.95).

[323] A.B. 1629, 1997-98 Reg. Sess. (Cal. 1998) (passed Assembly).

[324] See California Bill Would Give Internet Firms More Power to Fight Spam, supra note 283 at 12:47.

[325] H.B. 491, 20th Leg., 2d Sess. (Alaska 1998) (introduced).

[326] CompuServe Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015 (S.D. Ohio 1997).

[327] No. BC167502 (Cal. Super. Ct., Los Angeles Cty. May 7, 1997). In fact, the California Bill was crafted by Palo Alto lawyer David Kramer, who litigated on behalf of the ISPs in both trespass cases. See California Bill Would Give Internet Firms More Power to Fight Spam, supra note 283, at 12:47; CompuServe Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015, 1017 (S.D. Ohio 1997).

[328] See California Bill Would Give Internet Firms More Power to Fight Spam, supra note 283, at 12:47.

[329] A.B. 1629, 1997-98 Reg. Sess. (Cal. 1998) (passed Assembly).

[330] Id.

[331] Id.

[332] See id. The legislature stated in the bill that ISPs are experimenting with a means to embed policy statements into e-mail software so that the policies would be displayed every time the user requests e-mail delivery. See id. Once this technology is available, a showing that notice was supplied electronically would constitute actual notice for the purposes of the bill. See id.

[333] See CompuServe Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015, 1026-27 (S.D. Ohio 1997); see also Tillmann v. Distribution Sys. of America, Inc., 648 N.Y.S.2d 630 (1996); Rowan v. United States Post Office Dep't, 397 U.S. 728, 737 (1970). The Coalition Against Unsolicited Commercial E-Mail prefers California's "pure property rights" legislation because it takes free speech off the table. Lewis, supra note 186, at C1.

[334] See Wingfield, supra note 50, at 18:57.

[335] See California Bill Would Give Internet Firms More Power to Fight Spam, supra note 283, at 12:47.

[336] See id. Cyber Promotions, Inc., President Sanford Wallace has proposed a new venture that would gain permission from ISPs before sending spam to their customers. See Wingfield, supra note 90, at 22:54. Cyber would pay a monthly fee to providers under this scheme, making it worth their while to allow spam transmissions. See id. Providers could use the fees to reduce monthly charges for consenting subscribers. See id.

[337] See A.B. 1676, 1997-98 Reg. Sess. (Cal. 1998) (passed Assembly); H.B. 1672, 89th Gen. Assembly (Mo. 1998) (introduced); A.B. 295, 208th Leg. (N.J. 1998) (reported from committee); A.B. 6805, 220th Ann. Leg. Sess. (N.Y. 1997) (introduced).

[338] See H.B. 491, 20th Leg., 2d Sess. (Alaska 1998) (introduced); A.B. 1629, 1997-98 Reg. Sess. (Cal. 1998) (passed Assembly); H.B. 1633, 155th Gen. Ct., 1998 Sess. (N.H. 1998) (introduced).

[339] See Cal. A.B. 1676.

[340] See id.

[341] See H.B. 1325, 1998 Sess. (Va. 1998) (introduced).

[342] See id.

[343] N.H. H.B. 1633.

[344] See id.

[345] See id.