Nails, Coffins, Spam, and the Dormant Commerce Clause?
By Ethan Ackerman
Have the state spam laws that survived CAN-SPAM finally fought off Dormant Commerce Clause and preemption challenges? Yes, they have, but not for the reasons you might think…
The ‘net was awash with news articles last week trumpeting that the nation’s first felony spamming conviction had been upheld. Prolific North Carolina spammer Jeremy Jaynes lost an appeal in the Virginia Court of Appeals of his nine year conviction for violating Virginia’s criminal anti-spam law.
Jaynes alleged the Virginia criminal anti-spam law was an unconstitutional violation of the Dormant Commerce Clause and the First Amendment. Finally, Jaynes challenged the jurisdiction of Virginia courts to convict him over emails that were initiated in North Carolina. These three arguments – the Dormant Commerce Clause, the First Amendment, and jurisdiction – have fairly consistently been plans A, B & C in any challenge to state spam laws, and I’ve blogged about some of them before.
I think plans A & B in an alleged commercial spammer’s legal defense (the Dormant Commerce Clause and First Amendment challenges) have now taken enough hits to be declared at least in the coffin, if not dead. Why? In the case of the Dormant Commerce Clause, it isn’t the slow accretion of adverse cases swaying the tide of legal thinking (as with First Amendment cases), but an intuitively and legally obvious reason I explain below. While plans A&B lay near death, courts (much like they have been doing for the last 200-plus years) are still struggling with notions of jurisdiction. As a result, plan C (resisting the jurisdiction of an out-of-state court) looks to remain a source of continued litigation between spammers and those who would sue them.
First Amendment Claims
I’d hoped that this post could include just a quick, cursory review of the First Amendment argument that Jaynes would make and the court would correctly shoot down before moving on to the meatier Dormant Commerce Clause and jurisdictional issues. As it turns out, I can’t do that. At fault: Virginia’s slightly unusual anti-spam law that seems to apply to both commercial and non-commercial email. Apparently I’m not the only one who thought the usually dead issue of a First Amendment challenge may well be alive in this case, either. While I still think that properly constructed state anti-spam laws can easily survive a First Amendment challenge, let’s see what’s going on with this particular one…
In his defense, Jaynes alleged that the Virginia criminal anti-spam statute was a facially unconstitutional violation of the First Amendment, as it impermissibly regulated some types of anonymous non-commercial speech. Jaynes, along with supplemental briefing by the ACLU of Virginia as amicus solely on this issue, pointed out that such content-based restrictions require strict judicial scrutiny, with its test for a narrowly tailored means to achieve an end that must be a compelling state interest.
At this point in a “standard” anti-spam prosecution, the plaintiff or state would respond that protecting citizens, ISPs and networks from the well-documented scourge of spam is a compelling state interest and point to studies and legislative findings, and courts would agree with them. That seems to be what happened in the Jaynes case, as well. No one was really arguing against the idea that controlling spam constitutes a “compelling state interest,” it was the “narrowly tailored means” that caused problems. On the issue of “narrowly tailored,” plaintiffs in a “standard” case would argue that in only addressing misleading commercial speech, the category with the least First Amendment protection, the law was narrowly tailored around common types of ‘more-protected’ speech like political or religious speech, and the additionally limitation of ‘misleading’ regulated even less, only covering that thin slice of speech where the state’s interest in protecting consumers and commerce was strongest.
The ACLU and Jaynes argued that the Virginia act was not narrowly tailored in that it was not limited to commercial speech, and even worse, that it effectively precluded anonymity (an important, recognized First Amendment value) by criminalizing false headers regardless of commercial or non-commercial status. Reading the Virginia statute, the ACLU and Jaynes seem to be on to something. Unlike many other state anti-spam laws that are restricted to unsolicited commercial email, the Virginia statute addresses unsolicited bulk email – apparently regardless of its commercial or non-commercial nature.
The Jaynes Court seems to agree with the ‘standing’ and ‘standard of review’ aspects of the argument, correctly recognizing that Jaynes can assert “facial” unconstitutionality – that it may be unconstitutional to some, even if the act is constitutional as applied to him. Unfortunately, the court then seems to misapprehend (or the ACLU and Jaynes didn’t clearly and persuasively make) the second half of the argument about being narrowly tailored.
Instead, the court seemed to read the statute as requiring that some type of trespass be achieved as a result of the header falsification, as though a misrepresented header was presented, password-like, to allow access to a computer network – much like many computer fraud statutes prohibit. Perhaps the near proximity of the statutes in the Virginia Code confused the court? The Court’s opinion goes on for several pages, correctly espousing and illuminating the (correct, but not actually raised) principle that the First Amendment doesn’t sanction trespass. The court seems to labor under the impression that Jaynes got ‘access’ to AOL’s email network by falsifying his headers and that he wouldn’t have such access but for the falsifications. As a result, several interesting legal and technical questions are left unexplored or unanswered. Is the Virginia statute, targeting emails based on their “bulk” status rather than commercial nature, still narrow enough to survive strict scrutiny? Does the prohibition on false or misleading apply to preclude anonymity as a practical matter, or just make it harder? Would that make a difference for First Amendment purposes?
Part of Jaynes’ case is worth noting for what it doesn’t contain – a preemption argument. Most other spam cases arising under state laws since the passage of the federal CAN-SPAM Act have at least alleged federal preemption as a defense against the state law. The uniform result of those cases — holdings that recognize CAN-SPAM expressly preserves some types of state spam laws — probably drove Jaynes away from this losing argument and toward more viable defenses instead.
Preemption claims argue that federal law, either explicitly or as a practical result, governs the details of a subject to such a degree that it must be regarded as the controlling law on a subject. With CAN-SPAM’s enactment in 2003, another text-book example of federal preemption was born. Indeed, the Act contained comprehensive definitions, it detailed offenses and standards and labeling and safe harbors, and it even had explicit language preempting state laws. It also, however, ‘saved’ state anti-spam laws from preemption to the extent they complied with a preemption “exception.” This exception, which says CAN-SPAM preempts state law “except to the extent that any such [law] prohibits falsity or deception in any portion of a commercial electronic mail message…”, saves at least part of most every state’s anti-spam laws, because most state anti-spam laws focus on fraudulent messages or fraudulent header information.
Even before Jaynes’ case, defendants were beginning to give up on the preemption argument. The BSI v. Keynetics defendant didn’t try a direct preemption argument, conceding that preemption exception made that argument fruitless, but instead artfully argued that the state statute was preempted by CAN-SPAM because the specific fraud pleading provisions of the Federal Rules of Civil Procedure (FRCP) applied. The Keynetics defendant argued, and the judge rejected, the idea that non-compliance with FRCP brought the state law claim out of the CAN-SPAM exception it might otherwise enjoy. The judge held that the case was sufficiently pleaded, and compliance or non-compliance with the FRCP was not a preemption issue, but really just a simple FRCP pleadings issue. Insufficient pleadings would result in a failure for FRCP reasons, not some artfully twisted extension to the unrelated issue of preemption.
Dormant Commerce Clause Claims
Jaynes argued the often argued (but seldom won) theory that the Dormant Commerce Clause prevented state spam regulations that have the effect of regulating interstate commerce, arguing that the U.S. Constitution’s Commerce Clause doctrine precluded states from doing this. The court quickly rejected this notion, applying a test the Supreme Court has identified for Dormant Commerce Clause challenges. As the Virginia law regulated evenhandedly between in-state and out-of-state companies, both in appearance and in practice, the court applied the Pike balancing test and found that the impacts on interstate commerce were minimal (only complying with the law’s prohibition on false/misleading headers) compared with the benefit to Virginia consumers. Like the oft-cited Heckel court cases and other spam cases before this, the Virginia court recognized that these “truth in labeling” provisions hardly could be said to “burden” commerce, emphasizing that compliance was actually easier than non-compliance, and the results (less fraudulently-headered spam) would, if anything, benefit commerce.
While I’ve suggested that everything so far in this analysis is by-the-book, I should note that some cases and legal scholars have a slightly more expansive Dormant Commerce Clause jurisprudence than this cut-and-dried Pike balancing test. Not surprisingly, this more expansive view is frequently adopted by spammer defendants. This argument relies on bleeding the “extraterritorial effect” aspect of the Dormant Commerce Clause test into the heightened scrutiny standard appropriate for state laws that are discriminatory.
Instead of looking only to ensure that the statute was not written with the discriminatory intent or effect of covering wholly extraterritorial conduct, this expansive view operates on the principle that, separate from intent, statutes that could or do have wholly extraterritorial effects are assumed invalid. This camp rejects the notion that it should just boil down to a balancing test, and espouses the broader notion that an additional threshold test for wholly extraterritorial effect, independent of and in addition to the threshold “discriminatory intent or effect” test, is appropriate.
This “two threshold tests” camp is supported by local and national court cases that use language from Commerce Clause jurisprudence suggesting a second separate test. Perhaps the high-water mark for this camp is found in Healy v. The Beer Institute, where the Supreme Court adopted choice bits of language from prior opinions to hold that “A statute that directly controls commerce occurring wholly outside the boundaries of a State exceeds the inherent limits of the enacting State’s authority and is invalid regardless of whether the statute’s extraterritorial reach was intended by the legislature.” A great contemporary example of applying this standard is American Booksellers v. Dean, where the 2nd Circuit held Vermont anti-indecency law invalid because it had the effect of regulating some wholly extraterritorial Internet conduct.
One interesting subset of this “two thresholds” argument – perhaps one that takes it a step too far – is the argument that in requiring extraterritorial actors to even perform an inquiry into each state’s laws – to see whether each law is applicable, where email recipients are located, and any conditions of compliance – a state has impermissibly burdened interstate commerce. Just having to check other states becomes a burden. The Jaynes court, as have most other courts addressing spam laws, embraced the Pike-only camp’s logic and rejected this “checking is a burden” notion. The Jaynes and Heckel courts pointed out that that “discovery burden” isn’t the tested burden, but rather the appropriate burden to test is what it takes to comply with the law – compliance only “requires” refraining from mislabeling email headers.
This “extraterritorial actors making an inquiry is a burden” argument seems a bit weak to me (and others) for several additional reasons – not the least of which is that it seems inconsistent with the Supreme Court’s own Pike test. The Pike test seems to contemplate that some state impact on interstate commerce is acceptable, and so attempts to erect a “per se” invalidity rule for anything with interstate effect seem inconsistent with Pike accepting such impacts. There is another inconsistency with this expansive view and the Pike test: If inquiring is onerous, it only gets more onerous as more states pass laws on the subject, and so a law that on its own merits passed the Pike balancing test might later become unbalanced due only to the fact that additional states have passed laws on the same subject, no matter how similar or consistent.
The “checking is a burden” subset of the “two threshold tests” camp of Dormant Commerce Clause jurisprudence has become somewhat of a straw man argument for those espousing a blended “Pike-only” balancing test. The Jayne court, like the Heckel court and most every other court upholding state anti-spam laws, focused most of its arguments on refuting the “checking is a burden” argument, without significantly addressing other legitimate concerns (Does it or doesn’t it regulate wholly extraterritorially?) elaborated on by the “two threshold tests” camp. In some cases, like Heckel’s, the statute was intentionally written to be limited to activities within the state. Other statutes, like the Virginia statute, have no limiting language of any type. The Virginia court could have perhaps at least addressed these inconsistencies rather than embrace a wholesale adoption of the logic of a case that turned out to have entirely different factual and legal circumstances.
I’ve walked through these different camps of Dormant Commerce Clause jurisprudence, and their sub-camps, and failings of each, to bring a new conclusion to the reader — the Dormant Commerce Clause will almost never matter in spam cases brought after CAN-SPAM. Legal theorists may welcome the competing ideologies and policy implications (Pike supports state authorities in the federalist debate, the “two thresholds” camp facilitates national market uniformity, and so on back and forth…) but the legal landscape for everyone else now faces a not-so-dormant Commerce Clause.
The “Active” Commerce Clause
Metaphors of nails in coffins aside, the CAN-SPAM Act put quite a lid on the Dormant Commerce Clause debate surrounding state spam laws – it just seems someone forgot to tell the lawyers. No longer do courts need to worry about extraterritorial application interfering with an interstate market, or whether such an examination should be a part of a balancing test or its own independent threshold test. Congress has spoken. And where federal legislation exists, the Dormant Commerce Clause should recede, no? Looking to see if there is federal law on the issue is actually the first step in determining whether a court should begin a Dormant Commerce Clause analysis or instead initiate a preemption analysis under the Commerce Clause and preemption jurisprudence. If contemporary Commerce Clause jurisprudence had to be put in Boolean form, it would go roughly like this: If federal law, then preemption analysis, else Dormant Commerce Clause analysis.
Court decisions after the CAN-SPAM Act have given recognition to CAN-SPAM’s stance on state spam laws, but mainly in the context of preemption debates, not ‘active’ Commerce Clause analysis. The BSI v. Keynetics court was perhaps the first to do so clearly when it rejected the argument that the Internet was so inherently interstate that the Dormant Commerce Clause required exclusively federal law:
“This Court need not dwell on this argument. While perhaps interesting from an academic standpoint, it is clear that Congress itself, in enacting CAN-SPAM, specifically reserved to the States, as will be discussed presently, authority to regulate certain aspects of Internet activity.”
But then, seemingly inconsistently, the Keynetics court in the next paragraph dove into an as-applied Pike balancing discussion under Dormant Commerce Clause principles. What gives? Was the court just shooting down the “two threshold” camp in favor of the “Pike-only” camp? Perhaps, but more likely, the Court thought that CAN-SPAM merely sanctioned state laws, and didn’t completely remove the need for a Dormant Commerce Clause analysis. Or perhaps it was taking the belt-and-suspenders approach and addressing each argument?
I would suggest that contemporary Commerce Clause jurisprudence dictates that the presence of actual federal law explicitly sanctioning the presence of concurrent state law on the same subject matter should displace Dormant Commerce Clause analysis. At most, analysis should be limited to the related issue of whether the law was applied outside the state’s jurisdictional reach. I think that the common (almost universal) tactic of arguing against spam laws on Dormant Commerce Clause grounds has created something of a self-perpetuating response. Courts have addressed the issue and there is at least some precedent on both sides of each argument, so everyone (plaintiffs, defendants, and Courts) cite it and repeat it and maybe even elaborate on it. If they approached it fresh, I have little doubt courts would proceed down the standard Commerce Clause/preemption analysis ‘path’ and recognize that Congress and the President did, in fact, sanction these state laws.
I suspect that as courts escape from the habitual rut of Dormant Commerce Clause analysis, they will hold, as did the Jaynes Court, that:
“Congress, in enacting CAN-SPAM, expressly accorded the States the right to regulate false and misleading e-mail transmissions. 15 U.S.C. 7707(b)(1). If Congress itself was satisfied that supplementary state legislation would impose no undue burden on interstate commerce, this Court can hardly presume to tell Congress it is wrong.’”
And actually stop right there.
The Jaynes case seems ripe for detailed Constitutional analysis of the reach and scope of a court’s power to subject out-of-state actors to its own state’s criminal law, as well as a conflicts and choice of law analysis occasioned by an admittedly dual-state-act with differing substantive law. Out-of-state actor jurisdiction and the extraterritorial applicability of a law with regards to internet activity are both exciting due process issues even without any extraterritoriality tests under the Dormant Commerce Clause.
Unfortunately for legal scholars and doubly unfortunately for Mr. Jaynes, the Virginia Court of Appeals really punts on this issue, giving a scant three pages to the issue, far less than the eight pages of First Amendment discussion. Even worse, the Court’s conclusion is the sweeping statement that “a person may be charged in the place where the evil results, though he is beyond the jurisdiction when he starts the train of events of which the evil is the fruit.”
This expansive and vague holding was justified with only one citation to a U.S. Supreme Court case, in a subject ripe with precedent. The Virginia Court of Appeals justified this assertion from an old (1950) civil enforcement case arising under Virginia’s securities laws and narrowly upheld by the U.S. Supreme Court. In that case, Travelers Health Assn v. Virginia, while explicitly declining to rule on the issue of general jurisdiction or the enforceability of any judgments, the Supreme Court found sufficient specific jurisdiction for the state agency to issue a cease and desist order. The Virginia Court of Appeals went on to cite other state courts for support of the idea that an act can be criminally prosecuted where its impact is felt, rather than the site where it was committed, but hardly acknowledged the multitude of Virginia cases stating the opposite rule (that the locus of the crime is where it is committed) or any of the many cases, both federal and state, developing which rule should apply. Verizon v. Ralsky was the only other spammer jurisdiction case cited, not for its thorough ‘due process assertion of jurisdiction’ analysis, but primarily for the assertion that spam to addresses ending in “@aol.com” necessarily have to pass through AOL’s (Virginia) servers.
The appropriateness of jurisdiction is critical to so many spam cases, and it is often one of the most fact-intensive and case-by-case analyses. It is disappointing that the Court of Appeals addresses it so slightly and in passing, especially in a criminal case where the defendant’s due process rights are at risk.
As this post just suggested, it does matter that Mr. Jaynes is being charged with a criminal violation of Virginia’s anti-spam laws. He faces 9 years in prison, either two or four times the national average state sentence, depending on whether it is compared to ‘time sentenced’ or ‘time served.’ As a Virginia felony convict, Mr. Jaynes does not face the option of parole, and so his sentence is closer to four times the average – an average that includes mostly violent or repeat offenders. As indicated above, claims asserting lack of jurisdiction bear heightened scrutiny because the liberty interest being deprived is not just potentially money, but actual deprivation of Mr. Jaynes’ physical liberty. Perhaps CAN-SPAM’s criminal provisions should have explicitly preempted state criminal law?