N.D. Cal.: Facebook Posts are Electronic Mail Messages, Subject to CAN-SPAM — Facebook v. Maxbounty

[Post by Venkat Balasubramani]

Facebook, Inc. v. Maxbounty, Inc., CV-10-4712-JF (N.D. Cal.; Mar. 28, 2011)

The Northern District of California ruled that commercial posts to a Facebook user’s wall, news feed, and home page constitute “electronic mail messages” that are subject to CAN-SPAM. Two other courts in California had taken a similar approach with respect to MySpace messages (MySpace v. Wallace and MySpace v. TheGlobe.com).

Facebook brought claims against Maxbounty, which it alleged set up an affiliate scheme in violation of Facebook’s policies and procedures. As described in the complaint:

MaxBounty, through its network of affiliates, creates fake Facebook pages that are intended to re-direct unsuspecting Facebook users away from Facebook.com to third-party commercial sites . . . In the first step, MaxBounty establishes a network of affiliates; in the second step, MaxBounty’s affiliates create numerous Facebook pages that function like (and in effect are) advertisements; in the third step, the page displays a message indicating that upon registration a user will be able to take advantage of a “limited time offer,” such as receiving a gift card or becoming a product tester for a high-end product (e.g. an Apple iPad); in the fourth step, the Facebook user is induced by the page and begins the registration process. The registration process requires three discrete user actions: (1) to become a “fan” of the page, (2) to invite all of his or her Facebook friends to join to the page, and (3) to complete additional administrative registration requirements. Upon completion of these requirements, Facebook users are not sent the promised item but instead are directed “to a domain registered to and managed by Maxbounty that then redirects the user to a third-party commercial website . . . .” The third-party commercial site informs the user that he or she must complete still more steps in order to obtain the promised item. Such additional steps include signing up for numerous “sponsor offers,” which typically are offers for memberships in subscription services.

CAN-SPAM has three broad requirements: (1) no misleading subject lines; (2) no false or misleading header information; and (3) inclusion of a means to opt-out. I’m not sure how these requirements track to Facebook posts. Maxbounty argued (among other things) that the Facebook posts by its affiliates were not “electronic mail messages” that are subject to CAN-SPAM. CAN-SPAM defines an electronic mail message as”:

a message that is sent to a unique electronic mail address . . . [i.e.] a destination, commonly expressed as a string of characters, consisting of a unique user name of mailbox and a reference to an internet domain . . . whether or not displayed, to which an electronic mail message can be sent or delivered.

The court declines Maxbounty’s invitation to construe CAN-SPAM’s definition of electronic mail message narrowly, pointing to congressional intent in curtailing the scourge of spam and to the two prior cases that held that MySpace posts could constitute email messages that are subject to CAN-SPAM.

From a practical standpoint, the court’s order omits one question – whether the Facebook users actually received the messages in question via email. Some Facebook users would not set their Facebook accounts to forward posts or messages via email, so although the messages may be “routed” by Facebook, they may never be received (or even viewed) by the user. There’s also the issue that the users in question “liked” the pages in question. My understanding is that people (or companies) that you are not “friends” with cannot post messages to your wall or message you, so the people who received unwanted wall posts or messages in question had to take an affirmative step before they were sent the messages in question. Are these messages truly unsolicited?

This is a pretty expansive reading of CAN-SPAM. When you get to the point that social networking messages can constitute messages that are regulated by CAN-SPAM, there’s really no stopping point. How about blog comments? Tweets? Are the Facebook posts in question subject to the Telephone Consumer Protection Act as well, if the user had set his or her Facebook account to forward messages via SMS?

A case from Utah deciding whether pop-up ads were emails illustrates some of the practical difficulties with treating Facebook wall posts as email messages. (Riddle v. Celebrity Cruises, Inc.) The Utah statute required commercial emails to be labeled as advertisements (with “ADV”) and the court (which found that pop-up ads do not constitute email messages) noted:

[a]ny requirement to include the “ADV:” designation on the subject line of a pop-up ad would be meaningless because there is no subject line per se.

The same difficulties can arise when you treat Facebook messages as emails which are subject to CAN-SPAM.

Maxbounty also argued that Facebook failed to plead its Computer Fraud and Abuse Act claims with particularity. The court finds that CFAA claims are not subject to the heightened pleading standards of Rule 9(b), and that Facebook satisfied the lower pleading standard.