Email and law in the news

A couple things related to the intersection of email and law happened recently.
The 6th circuit court ruled that the government must have a search warrant before accessing email. The published opinion is interesting reading, not just because of the courts ruling on the law but also because of the defendant. Berkeley Premium Nutraceuticals toyed with spamming to advertise their product as a brief search of public reporting sites shows. The extent and effort they went to in order to stay below the thresholds for losing their merchant accounts is reminiscent of the effort some mailers go through to get mail through ISP filters.
The other bit of interesting reading is the Microsoft motion to dismiss the case brought against them by Holomaxx. It is a relatively short brief (33 pages) and 3 of those pages are simply a listing of the relevant cases demonstrating ISPs are allowed to filter mail as they see fit. 2 more pages are dedicated to listing the relevant Federal and State statutes. I strongly encourage anyone considering suing any large ISP to to read this pleading. These lawyers understand email law inside and out and they are not going to mess around. They also have both statute and case law on their side. They point this out before the end of page 1:

Holomaxx’s claims against Microsoft are without merit. First, Claims 3-6 and 9—based on Microsoft’s filtering of Holomaxx’s e-mails—are barred by the Communications Decency Act of 1996 (“CDA”), 47 U.S.C. Section 230. The CDA explicitly exempts service providers such as Microsoft from liability for filtering of objectionable content, including objectionable e-mail.
Through the CDA, Congress immunized Microsoft from precisely the sort of liability that Holomaxx seeks to impose here. Indeed, one federal court recently held that claims based on e-mail filtering were barred by the CDA. See e360Insight, LLC, 546 F. Supp. 2d at 609-610. The same analysis should be adopted here. Further, even accepting Holomaxx’s allegations as true, every cause of action based on Microsoft’s filtering activities (Claims 1-6 and 9) independently fails to state a claim upon which relief may be granted, as Holomaxx has failed to allege legally sufficient facts and puts forth theories that are unsupported in the law.

Suing ISPs to force them to accept mail is a failed business model, the law is just not on the senders’ side.

Email marketing ulcers for the holiday
AOL goes kablooey

Related Posts

Freemail opens

Justin Coffey commented on my check your assumptions post pointing out his data on opens related to ISPs. He says:

Read More

Broken Policies

As an email policy wonk, I think a lot about how specific policy implementations can go wrong. Sure, every policy can go wrong, or not fit a common case. A lot of people only write polices that address common cases and don’t worry about the rarer cases. The problem is there are some rare cases that may cause significant harm and those cases should be addressed.
Consumerist has a case up about email policy gone wrong with a clear path to harm but no policy for handling the issue. There are a couple places I see where this policy hole can be fixed.
Chase Bank does no verification when they collect email addresses, which results in them sending email to a person who does not have an account with Chase. This is not an ideal situation for anyone. Chase is revealing private financial information to an outside party, the actual bank customer is not getting their information and someone is getting email about money that’s not theirs.
In terms of policy for institutions handling sensitive personal information, I would always recommend implementing a verification step. This is mail that people want so they should confirm it. It’s also mail that really should be not going to 3rd parties.
Chase does not implement any verification step for email. This isn’t a fatal problem, as long as there is some process in place to get feedback and then correct the issue.
Unfortunately, Chase’s policies failed here, too. Chase requires an account number to speak to a representative about any issues. In this case, the email recipient does not have an account number. All of Chase’s contact channels rely on an account number: no account number, no talking to a human.
In terms of overall policy  Chase is hoping here is that, at some point, their actual customer will notice they’re not getting email and call in and attempt to troubleshoot the problem with Chase reps. I’m willing to bet, though, that their tier 1 people don’t have the training or information needed to troubleshoot this problem. I expect they’re going to read the script that says, “We sent you the mail, it must be a problem on your end. Have a nice day.”
Chase, and other bank analogues that require an account number, that do not verify email addresses should not require account numbers to talk to someone about the mail they are receiving. Why? Because although it’s reasonably rare that the mail is going to the wrong party, the potential harm to the bank’s customer is very high. This danger to customers means the bank should invest in a support pathway that allows non-customers to call, or write, to report misdirected email.
If Chase were my customer, I’d recommend adding a button to the email that says “receiving this mail in error, report here.” Make this a simple form that the recipient can fill out, two boxes one for email address and one optional one for “reason”. Once the bank has the report, they can stop the misdirected email and attempt to contact the customer through another channel. I’d also recommend that customers confirm any new address they add to the account in the future.
I know the bank thinks that by requiring an account number they are protecting their customers. Unfortunately, they’re failing to address a rare but potentially harmful case. Sadly, I expect even after this, they will still fail to implement any changes that will stop this from happening in the future.

Read More

Going to MAAWG

Following on from last weeks post about MAAWG, I thought I’d write a bit about actually going to MAAWG. You’re an ESP and you’ve been accepted into the organization. Now you have some decisions to make.

Read More