A Maryland circuit court judge last week told the state what it can do with its law against spam -- move it from the in-box to the trash can.
Judge Durke G. Thompson ruled that the 2002 Commercial Electronic Email Act is unconstitutional because it tries to regulate commerce outside its borders.
Thompson rejected a civil lawsuit filed by Eric Menhart, a student at George Washington University Law School in Washington, D.C., who claimed that Joseph Frevola of Carle Place, N.Y., sent his corporation, MaryCLE (pronounced "miracle"), more than 80 spam e-mails despite Menhart's insistence that the mails stop. Menhart sought almost $169,000 in damages.
The problem appears to be based not only on Frevola being a resident of New York but on Menhart's multiplicity of locations. He pays taxes and votes in Maryland and has a Maryland driver's license. But he lives in Washington, D.C., while attending GW. Even if the law were constitutional, it's only supposed to apply to Maryland residents. Thompson wrote in his ruling that the Frevola couldn't be clear on where -- geographically -- his e-mails were going, so the Maryland spam penatlies couldn't be fairly imposed on him.
In an interview, Menhart said that it's nearly impossible to get his home state wrong, noting that he has an e-mail address with the domain name "maryland-state-resident.com." And MaryCLE, where the e-mails arrived, is incorporated in Maryland.
But what is MaryCLE? The company is "in the process" of becoming a 501(c)3 non-profit corporation, and bills itself as a consumer protection firm. Menhart said the organization is designed to "call attention to the problem of false and misleading messages." In other words, the corporation went live, sat back and waited for the spam to come in. And apparently it did. MaryCLE has two other cases pending in the court system, and has won or settled cases against six other e-mailers.
Despite that record, Menhart said MaryCLE is not a roundabout way to get rich off of Maryland's spam law. "We've made nothing on this," he said. "If this was a profiteering situation, it has failed miserably." The law doesn't exactly provide a path to riches; individuals can get up to $500 in judgments in their favor. Internet service providers can get up to $1,000.
Menhart conceded that MaryCLE has brought in approximately $6,000 in settlements, all told, though he insisted that the costs associated with pursuing the spam cases have so far left MaryCle about $3,000 in the red.
Frevola, who declined an interview request, said through attorney Andrew Dansicker that he does not consider himself a spammer because he does not use fake corporations and includes his name, address and an unsubscribe option in his e-mail messages. "Anyone could have contacted him at any time," said Dansicker, who works for Baltimore-based law firm Schulman, Treem, Kaminkow, Gilden & Ravenell. "Yes, he does send out bulk e-mails by the thousands, but that is no different from Publishers Clearing House."
Dansicker said that Menhart never clicked to unsubscribe from his client's messages. Instead, Menhart sent return e-mail messages that Frevola never received.
He-said he-said aside, Thompson's ruling makes some interesting points about states' rights versus federal rights. Several other states have anti-spam laws on the books, some of which also allow people to sue junk e-mailers for sending out spam. Some of those laws manage to get around the federal government's anti-spam statute that forbids such lawsuits, but this decision effectively puts Maryland in its place, saying that it's up to the federal government to set the pace.
It's hard to say whether this ruling will resonate in other states, but some experts already predict that bulk mailers under assault elsewhere now have a handy precedent.
Menhart, however, may still have the last word. He plans to appeal Thompson's ruling to Maryland's highest court, a move that could keep the state's spam law very much alive.
Five Easy Patches
As every faithful Tech Policy & Security newsletter reader knows, the second Tuesday of every month is when Microsoft Corp. publishes its monthly patch update. Yesterday's notice yielded five patches, but fortunately, none of them earned Microsoft's highest "critical" rating. Instead, they all were rated "important," another way of saying "please download and install these now, but no need to rend your garment in the process."
The patches plug holes that hackers can use to run their own software on victims' computers, and one can snare computers' processing power to launch digital attacks against Web sites. Most of the holes appear Windows XP and 2000, though some only apply to Windows NT.
-- Robert MacMillan, washingtonpost.com Tech Policy Editor