Alaska’s Anti-Adware Law–A One-Year Status Report

By Eric Goldman

A year ago today, Alaska enacted the most expansive anti-adware law to date. This post gives a quick status report on the law.

So, what’s happened in the past year? As far as I can tell, nothing. I’ve not heard of any preemptive challenges or any enforcement actions. Radio silence.

Contrast this with Utah’s enactment of its problematic anti-adware law in 2004–the law was promptly challenged on Constitutional grounds, the court quickly issued an injunction, and the legislature amended the law within a year to render it largely irrelevant. As far as I know, Utah’s law also sits unused. did sue SmartBargains under the initial version of the act; I’m not sure what happened to that claim after the law was enjoined.

I’m always fascinated when laws are passed with lots of fanfare and then sit dormant. Why hasn’t the Alaska law generated any action (pro or con) yet? I think the secret may lie in some odd language that I overlooked when I initially dissected the statute. The law defines a pop-up ad as:

material offering for sale or advertising the availability or quality of a property, good, or service that is displayed on a user’s computer screen, without any request or consent of the user, separate from an Internet website that a user intentionally accesses (emphasis added)

What does it mean that a user “requests” or “consents” to a pop-up ad? It could mean that the user must consent to each pop-up ad individually immediately prior to its delivery–a bizarre HCI process, but one that would be consistent with the apparent legislative intent. Alternatively, it could mean that a user’s consent to receive pop-ups at the time of software installation suffices as consent for all subsequent pop-up ads delivered by that software. This interpretation is consistent with the express statutory language, but then it raises the question (like the question raised when Utah amended its Spyware Control Act)–what’s the point of such a toothless law?

This statutory interpretation issue may explain why there hasn’t been any action under the law. From the adware vendor’s side, the express statutory language may provide them enough cover that there’s no need to rally up the troops for a heavy-duty Constitutional challenge. Meanwhile, plaintiffs may be scratching their head trying to figure out if they have a valid cause of action.

There are, of course, other possible explanations for the seeming lack of action, including:

* there may be some lawsuit I’m not aware of (please let me know if I’ve missed something)

* 1 year may be too short a time period to evaluate the law.

* some adware vendors may be shunning Alaska. See, e.g., HotBar’s license, which says “Special Notice to Alaska Residents: Unfortunately, according to Alaska’s SB 140 Act, users who reside in Alaska may not install the Hotbar software. Therefore, by downloading or installing the Hotbar software you declare and represent that your computer is not located in the state of Alaska. To the extent that our system is able to recognize that your computer is located in the state of Alaska, we will not enable you to download the software.” Superficially, perhaps the law has changed the behavior of some adware vendors. However, I don’t know what Hotbar does to detect Alaskan IP addresses or otherwise detect Alaskan computers, but these procedures generally are imperfect. As a result, depending on the rest of Hotbar’s interaction with users, it could be that some Alaskans may still be downloading the software in a manner inconsistent with the statute.

I can’t resolve these alternative explanations yet, but for now, my vote is that this law is sufficiently poorly drafted that it will never be used by anyone. If so, consistent with other state-level attempts to regulate the Internet, Alaska may have muffed its effort. Fortunately, if this law is truly irrelevant, Alaska’s muffing will be relatively harmless.

Nevertheless, Alaska’s muffing may have some bearing on Congress’ motivation to pass an anti-adware/anti-spyware law. For the most part, the other anti-spyware laws passed by the states add little to the legal regulatory environment (the “intentionally deceptive” standard is both duplicative of other laws and a very high threshold), so coping with them does not require vendors to do something special. However, putatively Alaska and Utah’s laws were much broader, as they were intended to outlaw an entire industry–which motivates industry players to seek preemption of state laws. Yet, if both laws are effectively irrelevant, adware vendors have less incentive to push Congress for a preempting law.