March 05, 2010
Eighth Circuit: No Derivative Liability Under Iowa Spam Statute -- Kramer v. Bartok
[Post by Venkat]
Kramer v. Bartok, Case No. 08-3841 (8th Cir. Feb. 19, 2010) (scribd link).
The Eighth Circuit recently reversed an award of $236 million in damages against a spam defendant based on a theory of secondary liability. The court found that the clear language of the Iowa statute only allowed for the imposition of liability against the sender.
Background: Kramer sued defendants Bartok, Perez, and Brown after allegedly receiving millions of spam emails advertising mortgage refinancing services. Kramer asserted claims, including claims under the Iowa's spam statute (then Iowa Chapter Code 714E, which while the suit was pending was replaced with Iowa Chapter Code 716A (which looks fairly different, and does not contain the term "initiate")), the Computer Fraud and Abuse Act, and trespass. According the Eighth Circuit, Kramer (who ran an ISP) actually only received twenty three offending emails, as the remaining millions of emails were blocked by Kramer's spam filter. Defendants produced no evidence at trial, and the lower court found that one of the defendants "dissembled" and sold the computers used by the enterprise. Kramer did not produce evidence that defendant Bartok actually sent the messages in question. The only evidence of Bartok's involvement was that she was "half owner of a business whose sole source of income was predicated on spamming," she signed an agreement for the procurement of mortgage leads, and she assisted Perez in destroying some of the relevant records in question.
The lower court found that Kramer produced no evidence of "actual damages," and rejected all of the claims except for the claims under Iowa's spam statute. With respect to this claim the court awarded $236 million in statutory damages ($10 per spam email).
The Eighth Circuit's ruling: The Eighth Circuit looked to the plain language of the statute and found that the statute only imposed liability on those who "use an interactive computer service to initiate the sending of bulk electronic mail." In other words, the statute was clear that it only imposed liability on someone who actually hit the send button.
Kramer argued that he had produced sufficient evidence of a civil conspiracy between Bartok and the other defendants to sustain a finding of derivative liability, but the court rejected this theory. In the court's view, if the statute didn't authorize the imposition of liability on those who conspired with the person(s) who initiated transmission of the messages (through the use of an interactive computer service), the court was not free to imply a cause of action based on this theory. While Kramer argued a common law conspiracy claim, the court found that Kramer's failure to produce evidence of actual damages precluded the imposition of derivative liability on Bartok. To allow Kramer to assert liability against Bartok based on a conspiracy theory absent evidence of actual damages would be an end-run around the statute's limited focus on those who actually sent the offending messages.
My thoughts: Derivative liability regarding spam and other types of advertising is a favorite topic of Professor Goldman's. I agree that absent clear standards, liability can move up the chain to advertisers and service providers, and this can cause obvious problems.
Here, the court interpreted a statute which by its terms only imposed liability on the person who initiated the transmission of the messages, so the court's conclusion isn't particularly surprising. The fact that the plaintiff in this case only produced 23 emails and was awarded a whopping $236 million in damages (despite having failed to put forth evidence of actual damages) was probably not lost on the court either.
How does this relate to CAN-SPAM: In the context of CAN-SPAM, the standards are slightly different. CAN-SPAM imposes liability on those who "initiate" or "procure" the initiation of noncompliant messages. "Initiate" is defined as "to originate or transmit [messages] or to procure the origination or transmission of [messages] . . . ." "Procure" is defined as "intentionally, to pay or provide other consideration to, or induce, another person to initiate [messages] on one's behalf." Where a civil claim is brought by an ISP, the term procure contains an actual knowledge or a conscious avoidance limitation. (section 7706(g)(2)) CAN-SPAM thus allows for the imposition of derivative liability, but makes it more difficult when the ISP is the one enforcing.
How have CAN-SPAM plaintiffs fared when they sought to impose this type of liability? Not very well. I haven’t done an exhaustive tally, but on the civil side there have been several defense wins (Hypertouch v. Kennedy Western, Asis Internet v. Optin Global, Fenn v. Redmond Venture). On the affiliate liability issue, these cases are typically resolved in favor of defendants on the basis that defendants were not (and had no reason to be) aware of the underlying violations. With respect to enforcement efforts by the FTC, the FTC lost a jury trial (Impulse Media), settled one case after the court found that affiliate liability is a question of fact (Cyberheat), and obtained a conviction (US v. Kilbride). (Oddly, after losing the jury trial in the Impulse Media case, the FTC sought to obtain injunctive relief against Impulse Media. The court denied this request.) Overall, the case law is largely defense favorable. Although CAN-SPAM allows for derivative liability, courts and juries have not been quick to impose it.
Related posts: "Affiliate Liability Talk Notes From SMX West"