CAN-SPAM Requires Falsity or Deception, But What Do Those Words Mean?–Rad v. US

February 14, 2021 · by Venkat Balasubramani · in Marketing, Spam

This is an unusual federal appellate ruling interpreting CAN-SPAM because it came to the court from the Board of Immigration Appeals. Rad was tried and convicted of violating CAN-SPAM. The Third Circuit affirmed his conviction in 2014. Rad was a non-citizen, and DHS initiated removal proceedings against him. The immigration decision came back to the Third Circuit for review a second time (it initially remanded).

This time around, the question is whether Rad’s spam conviction necessarily involved “fraud or deceit”. If it does, then Rad can be removed. So Rad, who during his prosecution was presumably arguing for an interpretation of the spam statute that requires fraud or deception, flipped his position and is now arguing the exact opposite: that the spam statute does not necessarily require fraud or deception. He’s arguing that the criminal spam statute covers seemingly innocuous conduct that approaches strict liability. (He proceeded pro se, so the court appointed amicus, Georgetown’s Appellate Immersion Clinic. Its opening and reply briefs are here.)

The court says CAN-SPAM crimes must be deceitful or fraudulent in order to be covered by the statute. Though this is a pro-defense ruling, it works to Rad’s disadvantage, fulfilling another condition for his removal from the United States. (The Third Circuit denied rehearing. Absent a successful petition for certiorari, he is likely out of options.)

* * *

The key question is whether 18 USC 1037(a)(3) and (a)(4) “categorically involve fraud or deceit.” The court says deceit is used in the immigration statute “in its commonly accepted legal sense.” A Webster’s definition cited by the Supreme Court appears to endorse this approach.

The question is what is the “least culpable” conduct proscribed by the spam statute. One of the sub-sections prohibits false header information, just like a civil CAN-SPAM provision. The other deals with a prohibition on providing materially false information when registering for an email account, online user account, or domain name coupled with the transmission of “multiple electronic mail messages” from those accounts. This issue has not been litigated much under federal spam statutes, although it has been litigated under state spam statutes.

False Header Information: 1037(a)(3) has language that’s identical to its civil counterpart in CAN-SPAM (15 U.S. Code § 7704). A good starting point for its interpretation in a civil case is the Fourth Circuit’s decision in the Mummagraphics case. Gordon v. Virtumundo, a Ninth Circuit case, took a similar approach. Both cases commented that falsity that would deceive a recipient is required under CAN-SPAM (and technical inaccuracies were not sufficiently deceptive). Other decisions have addressed the question of falsity, but in the context of whether a state spam law cause of action is preempted by CAN-SPAM. While there have not been any notable appellate rulings, Wagner v. Spire Vision, a ruling from the Northern District of California (Judge Alsup), granted a spam plaintiff summary judgment on the preemption question. This decision acknowledged that some deception is necessary to escape preemption, but said that a plaintiff is not required to plead reliance and damages. In a later summary judgment ruling evaluating the emails themselves, the court confirmed that “material misrepresentations” are required. The decisions addressing preemption (such as Wagner) seem less on point to the question the court is asking here, but even they agree that some deception is necessary.

Amicus on the other hand urged a construction of the statute that did not require the header information to be misleading. This construction:

requires an email address’s semantic content to match the sender’s reality. If a commercial message arrives from ‘Jane@sportsfan.com,’ for example, then Amicus reads the Act as mandating that the sender be named Jane and enjoy sports.

The amicus argument is similar to one urged by many spam plaintiffs, and has been rejected by several courts interpreting CAN-SPAM in civil cases. Although Mummagraphics did not address this precise hypothetical, it made clear that bare errors or technical errors are not covered by CAN-SPAM. It’s worth noting also that the civil statute has some additional explanatory sections (15 U.S. Code § 7704 (a)(1)(A), (B), and (C)) that confirm that the statute is not intended to prohibit mere concealment. It would be surprising to see the criminal provisions of the statute have an even lower standard for liability.

False Registration Information: 1037(a)(4) prohibits providing false information in connection with registration of an email account, online user account, or domain name. A Ninth Circuit criminal case (U.S. v. Kilbride) noted in passing that the use of proxy registration services could be misleading if used for the purpose of obscuring the actual registrant’s identity. But Kilbride involved ample evidence of falsification or deception. As Eric notes on his post on that case, “[defendants’] spam failed to comply with CAN-SPAM in several respects, including forged headers, fake email addresses and bogus contact info.” The civil statute does not contain an identical provision, although it prohibits the use of an internet protocol address that was procured by false pretenses. The civil statute also has as an aggravating factor, a prohibition on the use of scripts or automated means to register for email accounts or online user accounts from which some sends commercial email that is otherwise violative of CAN-SPAM. Most of the litigation activity on the civil front has been under state spam statutes, in particular California’s. Balsam v. Trancos is a key case where a California appeals court held that emails that do not identify the sender violate California’s spam statute. In contrast to the trend of CAN-SPAM rulings, Trancos injected the element of concealment into the spam statute. Amicus took a position similar to the one taken by the prosecutors in Kilbride and by plaintiff in the Trancos case:

under Amicus’s . . . interpretation of 1037(a)(4), anyone who employs a proxy service to register a domain name risks federal prosecution.

The court’s conclusion: the court says that the criminal spam statute does not criminalize “commonplace practices” such as using fanciful “from” lines. Similarly, it does not criminalize the “popular practice” of the use of proxy registrations. Citing First Amendment cases, the court says a purported prohibition on anonymity by a criminal spam-statute would raise serious constitutional concerns.

The court says the structure and text of the statute similarly counsel against interpreting the criminal spam provisions so strictly. The definition of “material” as it relates to false or misleading header information is found also in the civil statute, and these definitions should not be given a stricter reading in the criminal context than in the civil context. Amicus also argued that the use of “deceit” in another part of the statute (prohibiting the relay or transmission of commercial emails “with the intent to deceive or mislead recipients . . . . as to the origin of such messages”) means that “materially falsifies” is not equivalent to deceive. The court says this is true, but while the general prohibition on relay or transmission of messages with the intent to deceive as to origin address deception broadly, the subsections hinging on the term “material falsification” nevertheless address another type of deception.

The conclusion about the criminal spam statute requiring deception seems uncontroversial, but there is such a dearth of appellate court rulings construing spam statutes, that it’s useful to have out there. On the other hand, one wonders if this case will be useful precedent in CAN-SPAM cases, given that the court’s pronouncements came in the context of a removal proceeding. The opinion read a lot like a law review article.

The court was not necessarily writing on a totally blank slate. It would have been nice for the court to have discussed Mummagraphics, Gordon, and perhaps even the preemption cases. It understandably focused on Kilbride (the rare appellate ruling in a criminal case), but the concealment question did not appear to be a central question in that case.

Notwithstanding the above conclusion, the court remands again, for the determination of whether victim losses were above the $10,000 threshold (also a requirement for removal).

Case citation: Rad v. Attorney General United States, No. 19-1404 (3d Cir. 2020)

An End to Spam Litigation Factories?–Gordon v. Virtumundo

CAN-SPAM Preemption Doesn’t Apply To Fraud…And More

Advertiser May Have Claims Against SEO Firm Using Undisclosed Spammy Practices

Court Accepts Narrow View of CAN-SPAM Preemption but Ultimately Dismisses Claims – Davison Design v. Riley

Spam Arrest’s Sender Agreement Fails Because Email Marketer’s Employees Lacked Authority–Spam Arrest v. Replacements (Forbes Cross-Post)

Another Spam Litigation Factory Unravels –- Beyond Systems v. Kraft

Independent Contractor Relationship Between Sender and Advertiser Dooms Spam Claims – Kramer v. NCS

CAN-SPAM Violations For Private WHOIS Information and Putting Disclosures in Remotely Served Images – ZooBuh v. Better Broadcasting

Crazy SOPA-Like Attempt to Hold International Banks Liable for Pharmacy Spam Fails on Jurisdiction Grounds–Unspam v. Chernuk

Courts Allows Text Spam Class Action Against Voxer, a Cell Phone Walkie-Talkie App — Hickey v. Voxernet

Court Refuses to Dismiss Claims Against Alleged Twitter-Bot Spammer–Twitter v. Skootle