[Senate Hearing 107-1135] [From the U.S. Government Publishing Office] S. Hrg. 107-1135 SPAMMING ======================================================================= HEARING before the SUBCOMMITTEE ON COMMUNICATIONS OF THE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION UNITED STATES SENATE ONE HUNDRED SEVENTH CONGRESS FIRST SESSION __________ APRIL 26, 2001 __________ Printed for the use of the Committee on Commerce, Science, and Transportation U.S. GOVERNMENT PRINTING OFFICE 88-536 WASHINGTON : 2006 _____________________________________________________________________________ For Sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512�091800 Fax: (202) 512�092250 Mail: Stop SSOP, Washington, DC 20402�090001 SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION ONE HUNDRED SEVENTH CONGRESS FIRST SESSION JOHN McCAIN, Arizona, Chairman TED STEVENS, Alaska ERNEST F. HOLLINGS, South Carolina CONRAD BURNS, Montana DANIEL K. INOUYE, Hawaii TRENT LOTT, Mississippi JOHN D. ROCKEFELLER IV, West KAY BAILEY HUTCHISON, Texas Virginia OLYMPIA J. SNOWE, Maine JOHN F. KERRY, Massachusetts SAM BROWNBACK, Kansas JOHN B. BREAUX, Louisiana GORDON SMITH, Oregon BYRON L. DORGAN, North Dakota PETER G. FITZGERALD, Illinois RON WYDEN, Oregon JOHN ENSIGN, Nevada MAX CLELAND, Georgia GEORGE ALLEN, Virginia BARBARA BOXER, California JOHN EDWARDS, North Carolina JEAN CARNAHAN, Missouri Mark Buse, Republican Staff Director Martha P. Allbright, Republican General Counsel Kevin D. Kayes, Democratic Staff Director Moses Boyd, Democratic Chief Counsel SUBCOMMITTEE ON COMMUNICATIONS CONRAD BURNS, Montana, Chairman TED STEVENS, Alaska ERNEST F. HOLLINGS, South Carolina TRENT LOTT, Mississippi DANIEL K. INOUYE, Hawaii KAY BAILEY HUTCHISON, Texas JOHN F. KERRY, Massachusetts OLYMPIA J. SNOWE, Maine JOHN B. BREAUX, Louisiana SAM BROWNBACK, Kansas JOHN D. ROCKEFELLER IV, West GORDON SMITH, Oregon Virginia PETER G. FITZGERALD, Illinois BYRON L. DORGAN, North Dakota JOHN ENSIGN, Nevada RON WYDEN, Oregon GEORGE ALLEN, Virginia MAX CLELAND, Georgia BARBARA BOXER, California JOHN EDWARDS, North Carolina C O N T E N T S ---------- Page Hearing held on April 26, 2001................................... 1 Statement of Senator Allen....................................... 26 Statement of Senator Burns....................................... 1 Statement of Senator Rockefeller................................. 16 Prepared statement........................................... 16 Statement of Senator Wyden....................................... 26 Witnesses Buckley, Jr., Jeremiah S., General Counsel, Electronic Financial Services Council............................................... 32 Prepared statement........................................... 34 Catlett, Jason, President/CEO, Junkbusters Corp.................. 39 Prepared statement........................................... 41 Cerasale, Jerry, Senior Vice President, Government Affairs, The Direct Marketing Association Inc...................................... 29 Prepared statement........................................... 30 Goodlatte, Hon. Bob, U.S. Representative from Virginia........... 23 Prepared statement........................................... 24 Harrington, Eileen, Associate Director of Marketing Practices, Bureau of Consumer Protection, Federal Trade Commission.................. 3 Prepared statement........................................... 6 McClure, David P., President/CEO, U.S. Internet Industry Association.................................................... 48 Prepared statement........................................... 50 Moore, David, President/CEO, 24/7 Media.......................... 36 Prepared statement........................................... 38 Pogust, Esq., Harris L., Partner, Sherman, Silverstein, Kohl, Rose and Podolsky.............................................. 44 Prepared statement........................................... 46 Appendix Hollings, Hon. Ernest F., U.S. Senator from South Carolina, prepared statement............................................. 61 SPAMMING ---------- THURSDAY, APRIL 26, 2001 U.S. Senate, Subcommittee on Communications, Committee on Commerce, Science, and Transportation, Washington, DC. The Subcommittee met, pursuant to notice, at 2:35 p.m. in room SR-253, Russell Senate Office Building, Hon. Conrad Burns, Chairman of the Subcommittee, presiding. OPENING STATEMENT OF HON. CONRAD BURNS, U.S. SENATOR FROM MONTANA Senator Burns. We've got a Congressman on his way, but I'm going to open these hearings this morning, or this afternoon on the CAN-spam bill. We welcome everyone today to this hearing, which concerns a matter I think of critical importance to the future development of commerce on the Internet. How to control the explosion of unsolicited e-mail, or commerce mail known around the industry as spam. Specifically, we here are here to address the CAN-spam bill that Senator Wyden and I have introduced. Senator Allard of Colorado is also a co-sponsor of this bill and I thank him for his support. The CAN-spam bill would require e-mail marketers and spammers to comply with a straightforward set of workable common-sense rules designed to give consumers more control over spam e-mail. Specifically, it would require a sender of marketing e-mail to include a working return address so that the recipient can send a reply e-mail demanding not to receive any more messages. The marketer would be prohibited from sending further messages to that consumer who had informed them they wanted it to stop. Further, the bill would also prevent e- mail marketers from using deceptive headers or subject lines so the consumers will be able to tell who initiated the solicitation. The bill includes strong enforcement provisions to ensure compliance. The Federal Trade Commission would have the authority to impose steep civil fines up to $500,000 on spammers. This fine would be tripled if the violation is found to be intentional. In short, this bill provides broad consumer protection against bad actors while still allowing Internet advertisers a justified means of flourishing. Senator Wyden and I have taken great care to make sure that this bill does not harm legitimate advertising. In fact, we are trying to help the Internet advertiser by allowing them to reach people who want to learn more about their product. If I open up my e-mail and find 100 messages, and they're all advertisers, chances are I'll never read one of them. However, if I have 10 that I want to receive their mail, advertisers, they might find a sale there. This is how a legitimate system should and would operate under the CAN-spam bill. Spamming is really a problem. And I believe it's absolutely critical that we address it now so that the Internet is allowed to reach it's full potential. Because of the vast distances in my home state of Montana, many of my constituents are forced to pay long distance charges for their time on the Internet. Spam makes it nearly impossible for these people to enjoy the experience, and it makes it even harder for them to see how this will help rural America flourish in the 21st Century. Also, Internet service providers are bombarded with spam that often corrupts and shuts down their systems. In today's information age, where beating a competitor to the next sale is absolutely critical to survival, these shutdowns can cause real economic damage. We may be in a down-turned American economy, and especially in the high-tech sector, we're going through a little shake-out and nobody has to read a newspaper to find that out. But the efficiencies created through the vast information-sharing are here to stay and will help propel our economy to levels beyond our imagination. But in order to reach its potential, we must eliminate the bad actors and those who threaten these efficiencies. I had initially hoped that the technology would solve the problem that it created. However, for every filter, there is a quick response by spammers to beat the filter. Where have I heard that argument before? I think we were talking about schools and libraries at one time and the use of filters. And this is--and we're finding out that it doesn't take much, just the change of a numerical, a number or a letter, and you're around the filter. It seems like a big game to them, and to us it's a bad game. I just recently read, and I would have most of you pick up a Monday, last Monday's Wall Street Journal which had a big article in the journal that says ``You've Got Mail''. And in parenthesis, you don't want. So I think it's a very creative article, probably laying out the problems and the challenges that we face on spamming. Spammers--ISP's who incorporate more sophisticated filtering to catch such alterations find that spammers will include 1-800 numbers as graphic files imbedded in an ordinary text message. Such telephone numbers would display normally in ordinary e-mail, but because they were encoded in the graphics format instead of in ordinary text, Internet filters would miss them entirely. I find the analysis of the anti-spamming activist quoted in the article quite instructive. They felt that ``the technical methods that have just given rise to an arms race situation, where each improvement of the technical means for blocking spam, just drives the creation of new spam means of getting spam past the block. It will only be stopped by legislative solutions. When it becomes too much of a financial risk for not enough benefit, the spammers will go away, and not before.'' And I couldn't agree more. The CAN-spam bill will provide spammers with the only kind of incentives to get out of the business, and they understand stopping it and stop invading on the privacy of consumers. I look forward to hearing from the witnesses today, and I call them to the table at this time. We have Ms. Eileen Harrington, Associate Director of Marketing Practices, Bureau of Consumer Protection, Federal Trade Commission here in Washington, DC. Ms. Harrington, thank you for taking time out of your busy schedule and coming to testify before this Committee today. We look forward to your remarks. STATEMENT OF EILEEN HARRINGTON, ASSOCIATE DIRECTOR OF MARKETING PRACTICES, BUREAU OF CONSUMER PROTECTION, FEDERAL TRADE COMMISSION Ms. Harrington. Thank you very much, Mr. Chairman. As you said, I am Eileen Harrington of the Federal Trade Commission's Bureau of Consumer Protection. The Commission is very pleased to be asked to present its views today and has submitted its testimony to the staff for the record. I will be, of course, happy to answer any questions that you may have, and the answers will be my own views and not necessarily those of the Commission. The low cost of sending UCE or spam differentiates it from other forms of unsolicited marketing such as direct mail or outbound telemarketing. Those marketing techniques, unlike spam, impose costs on senders that may serve to limit their use. There are no comparable limits on spam, however. Nevertheless, well-known manufacturers and sellers of consumer good and services, generally do not send spam. Rather, these merchants use requested about available products, services and sales. For example, consumers may agree in advance to receive information about newly published books on subjects that interest them, or weekly e-mails from airlines advising them of discounted air fares, giving consumers the ability to choose the information they receive over the Internet. Known in the industry now as permission-based marketing, it is likely to create more confidence in its content and in the sender. This permission-based approach is the model mandated by S. 630. Not all UCE is fraudulent. Fraud operators, however, are always among the first to exploit any technological innovation, and it is no surprise therefore, that they have seized on the Internet's capacity to reach literally millions of consumers quickly and at a low cost through spam. Not only are fraud operators able to reach millions of individuals with one message, but they can misuse the technology to conceal their identity. Many spam messages contain false information about the sender and where the message was routed from. This makes it nearly impossible to trace the spam back to the actual sender. In the same vein, spam often contains misleading subject lines and extravagant earnings or performance claims about goods and services. These types of claims are the stock in trade of fraudulent schemes. The Commission has conducted a vigorous law enforcement program against fraudulent or deceptive spam. At least thirty of the 173 cases the Commission has brought to date against fraud on the Internet, have targeted fraudulent operations that used spam as an essential integral part of their scheme. The Commission has also conducted an educational program to alert consumers and businesses about the dangers of spam. It has published nine consumer publications that relate to spam and more than 1.6 million of those documents have been distributed to consumers either through paper copies or via access to the FTC's website. I would add the Commission is also probably the only organization in the country that has invited consumers to send us their spam. We operate a special spam mailbox, [email protected] and to date we've received over 8 million pieces of unwanted spam from consumers. The Commission supports the goals of S. 630 which are to help control the additional costs and other potential negative effects that spam can impose, both on Internet service providers and Internet users and to strengthen consumer choice in the matter of whether to receive spam. S. 630 addresses two basic problems that together pose a real threat to consumers' confidence in the Internet as a medium for personal electronic commerce. First, there is the problem of fraudulent or deceptive spam. This is addressed by the prohibitions in S. 630 against false or misleading header information or subject headers. The Commission welcomes these proposals as potential enhancements to its existing authority under the Federal Trade Commission Act. The second serious problem addressed by S. 630 is the stress on the Internet infrastructure resulting from the sheer volume of spam. Spam, even if not deceptive, may lead to disruptions and inefficiencies in Internet services and constitutes a great nuisance to consumers and businesses using the Internet. This aspect of the problem is addressed by the bill's opt-out provisions. S. 630 would require commercial e- mail messages to contain an opt-out notice and a functioning return e-mail address for sending an opt-out request. Further, S. 630 would prohibit sending any spam after a recipient has opted out. These provisions are a big step in the right direction to stem the tide of spam by giving consumers more control over which commercial e-mail messages they receive. Now there are several issues raised by S. 630 that I want to mention for your consideration. First, a key term used throughout S. 630 is commercial electronic mail message. This term is defined in section 3 of the bill. The relevant portion of the definition provides that an electronic mail message shall not be considered to be a commercial electronic mail message solely because such message includes a reference or link to an Internet website operated for a commercial purpose. However, in our experience much spam, particularly spam related to pornographic websites consists of nothing more than such a reference or link. The definition as currently drafted could potentially be exploited by senders of such spam to evade the requirements of this bill. A second concern, the language in section 5 of the bill that prohibits header information that is not legitimately obtained, is ambiguous. To ensure that this language does not create enforcement problems or engender unintended lawsuits, clarification is essential. The third concern that we want to raise concerns the provision in S. 630 prohibiting deceptive subject lines. This provision raises an issue about the Federal Trade Commission's authority to challenge deception under the Federal Trade Commission Act. Currently, under the FTC Act, the Commission could challenge a materially false or misleading subject line in a commercial e-mail message by using section 5 of the FTC Act. And the Commission could use that section of the FTC Act to challenge this type of false or misleading representation or any other false or misleading representation. The applicable legal standard that the FTC must meet under this provision of the FTC Act to demonstrate a deceptive practice is that it is likely to mislead consumers acting reasonably under the circumstances about a material fact. S. 630 would establish a higher standard applicable to subject lines in commercial e-mail messeges. It would require a showing that the person who sent the e-mail had knowledge that the subject line was likely to mislead the recipient about a material fact regarding the contents or subject matter of the message. This knowledge requirement, not an element of deception under well-established law under the FTC Act, would make it more difficult for the FTC to take action under S. 630 against materially false and misleading subject lines. As a matter of policy and fairness in enforcement, deceptive spam should not be treated differently from other deceptive marketing material. Moreover, the requirement of a showing that the subject line was likely to mislead the recipient and not reasonable consumer could increase the burden on the Commission to enforce this part of S. 630. This may require a showing that each individual recipient was likely to be misled, which is a very difficult burden to meet especially where millions and millions of consumers have received one particular message. Imagine proving that each one of them was likely to be misled. Because violators of section 5 of S. 630 would be exposed to liability for civil penalties of up to $11,000 per violation, it may be appropriate to adopt stringent standards for liability in S. 630 as a safeguard against penalties for what could be mere technical violations of the bill. However, the Commission recommends clarifying that S. 630 does not affect the FTC's current ability to bring enforcement actions targeting materially false or deceptive representations in commercial e-mail messages under the FTC Act, pursuant to the criteria of and seeking the remedies currently available under that Act. This could be accomplished by broadening the savings clause in section 7a of the bill. Additionally, section 7 of S. 630 appears to preclude enforcement of most existing federal civil laws that apply to commercial electronic mail such as the FTC Act's broad prohibition of deceptive advertising, except to the extent specifically provided in S. 630. We believe that S. 630 should not supplant other relevant federal law and we recommend expanding the savings clause to make this point clear. Before concluding, I do want to note that the enforcement scheme laid out by S. 630 and which you describe, Mr. Chairman, in your opening statement is modeled on similar schemes Congress established for enforcement for the Commission's 900 number rule and the telemarketing sales rule in the statutes that mandated promulgation of those rules. The Commission's efforts would be supplemented with those of the state attorneys general and possibly by other federal agencies with jurisdiction in areas where the FTC has none. This type of dual federal/state enforcement scheme has proved extremely successful in the past, particularly in challenging deceptive and abusive telemarketing practices and the Commission would expect it to work equally well in this context. [The prepared statement of Ms. Harrington follows:] Prepared Statement of Eileen Harrington, Associate Director of Marketing Practices, Bureau of Consumer Protection, Federal Trade Commission Mr. Chairman, I am Eileen Harrington of the Federal Trade Commission's Bureau of Consumer Protection. The Federal Trade Commission is pleased to provide testimony today on the subject of unsolicited commercial e-mail, the consumer protection issues raised by its widespread use, the FTC's program to combat deceptive and fraudulent unsolicited commercial e-mail, and the FTC's views on the ``Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2001'' (S. 630), which Chairman Burns has proposed.\1\ I. Introduction and Background A. FTC Law Enforcement Authority As the Federal Government's principal consumer protection agency, the FTC's mission is to promote the efficient functioning of the marketplace by taking action against unfair or deceptive acts or practices, and increasing consumer choice by promoting vigorous competition. To fulfill this mission, the Commission enforces the Federal Trade Commission Act, which prohibits unfair methods of competition and unfair or deceptive acts or practices in or affecting commerce.\2\ The Commission's responsibilities are far-reaching. With certain exceptions, this statute provides the Commission with broad law enforcement authority over virtually every sector of our economy.\3\ Commerce on the Internet, including unsolicited commercial electronic mail, falls within the scope of this statutory mandate. B. Concerns About Unsolicited Commercial E-mail Unsolicited commercial e-mail--``UCE,'' or ``spam,'' in the online vernacular--is any commercial electronic mail message sent, often in bulk, to a consumer without the consumer's prior request or consent. The very low cost of sending UCE differentiates it from other forms of unsolicited marketing, such as direct mail or out-bound telemarketing. Those marketing techniques, unlike UCE, impose costs on senders that may serve to limit their use. Generally, well-known manufacturers and sellers of consumer goods and services do not send UCE. Rather, such merchants use solicited e- mail to give consumers information that they have requested about available products, services, and sales. For example, consumers may agree in advance to receive information about newly-published books on subjects of interest, online catalogues for products or services frequently purchased, or weekly e-mails about discounted airfares. These examples of bulk commercial e-mail sent at the consumer's request demonstrate the value of consumer sovereignty to the growth of Internet commerce. Giving consumers the ability to choose the information they receive over the Internet--known in the industry now as ``permission-based'' marketing--seems likely to create more confidence in its content and in the sender. By no means is all UCE fraudulent, but fraud operators, who are often among the first to exploit any technological innovation, have seized on the Internet's capacity to reach literally millions of consumers quickly and at a low cost through UCE. Not only are fraud operators able to reach millions of individuals with one message, but they can misuse the technology to conceal their identity. Many spam messages contain false information about the sender and where the message was routed from, making it nearly impossible to trace the UCE back to the actual sender. In the same vein, UCE messages also often contain misleading subject lines and extravagant earnings or performance claims about goods and services. These types of claims are the stock in trade of fraudulent schemes. Bulk UCE burdens (indeed, sometimes cripples) Internet service providers and frustrates their customers. The FTC's main concern with UCE, however, is its widespread use to disseminate false and misleading claims about products and services. The Commission believes the proliferation of deceptive bulk UCE on the Internet poses a threat to consumer confidence in online commerce and thus views the problem of deception as a significant issue in the debate over UCE. II. The Federal Trade Commission's Approach to Fraud on the Internet In 1994, the Commission filed its first enforcement action against deception on the Internet, making it the first federal enforcement agency to take such an action.\4\ Since that time, the Commission has brought 173 law enforcement actions against more than 575 defendants to halt online deception and fraud. The pace of our Internet law enforcement has been increasing, in step with the growth of commerce-- and fraud--on the Internet; over two-thirds of the FTC's Internet- related actions have been filed since the beginning of 1999. The Commission brings to the Internet a long history of promoting competition and protecting consumers in other once-new marketing media. Recent innovations have included 900-number technology and telemarketing. The development of each of these advances in the marketplace was characterized by early attempts of fraud artists who sought to capitalize on the new way of doing business. In each instance, the Commission used its statutory authority under Section 5 of the FTC Act to bring tough law enforcement actions to halt specific deceptive or unfair practices, and establish principles for non- deceptive marketing.\5\ In some instances, most notably national advertising, industry took an aggressive and strong self-regulatory stance that resulted in dramatic improvements in advertising and marketing practices.\6\ In other instances, at the direction of Congress or on its own initiative, the Commission has issued trade regulation rules to establish a bright line between legitimate and deceptive conduct.\7\ III. The Commission's Approach to Unsolicited Commercial E-mail A. Monitoring the Problem The Federal Trade Commission closely monitors the development of commerce on the Internet. Since the inception of the Internet as a commercial medium, the Commission has conducted a series of hearings and public workshops so that it could have the benefit of views from a wide range of stakeholders.\8\ In June 1997, at a workshop devoted to issues of privacy on the Internet, the Commission heard discussion of three distinct UCE problems: (1) deception in UCE content; (2) economic and technological burdens on the Internet and delivery networks caused by the large volume of UCE being sent; and (3) costs and frustrations imposed on consumers by their receipt of large amounts of UCE. While the Commission has maintained a focus on deception perpetuated through UCE, industry and advocacy groups that participated in the privacy workshop directed their attention to the economic and technological burdens caused by UCE. Under the leadership of the Center for Democracy in Technology, these groups spent a year studying the problem and identifying possible solutions, and in July 1998 issued their ``Report to the Federal Trade Commission of the Ad-Hoc Working Group on Unsolicited Commercial E-Mail.'' \9\ This report recommended the pursuit of technologies and public policies that would provide consumers with more control over the UCE they receive. Specifically, the report:urged marketers to give consumers a choice to ``opt-in'' or ``opt-out'' of receiving a UCE solicitation; and urged law enforcement to continue to attack fraudulent UCE solicitations, including those with deceptive ``header'' information.\10\ On another front, in 1998 the FTC set up a special electronic mailbox reserved for UCE in order to assess, first hand, emerging trends and developments. With the assistance of Internet service providers, privacy advocates, and other law enforcers, staff publicized the Commission's UCE mailbox, ``[email protected],'' and invited consumers and Internet service providers to forward their UCE to it. The Commission also created a database in which all of the forwarded UCE messages are stored. Over 8,300,000 pieces of UCE have been forwarded to the Commission since January 1998, and the UCE mailbox receives an average of 10,000 new pieces of UCE every day, 7 days a week. UCE received and entered in the database within the preceding 6 months is searchable. Periodically, staff has used the data to supplement law enforcement and consumer and business education efforts. Commission staff has recently made arrangements to purchase new indexing software that will allow staff to conduct much more sophisticated searches as well as manipulate the data to determine trends and patterns in the UCE received. B. Aggressive Law Enforcement The Commission has responded to fraudulent UCE with a vigorous law enforcement program. To date, about 30 of the Commission's Internet cases have targeted scams in which spam was an essential, integral element. Most of these cases have been Section 13(b) actions in federal district court. For example, in May 1999, the Commission filed FTC v. Benoit.\11\ This scheme used the ruse of a spam notification about charges purportedly to be billed to consumers' credit card accounts to lure the consumers into calling an expensive international telephone number.\12\ The initial spam message purported to inform consumers that their ``orders had been received and processed'' and that their credit card accounts would be billed for charges ranging from $250 to $899. In fact, the consumers had not ordered anything. The spam advised recipients to call a specified telephone number in area code 767 with any questions about the ``order'' or to speak to a ``representative.'' Many consumers were unaware that area code 767 is in a foreign country--Dominica, West Indies. But because Dominica is included within the North American Numbering Plan,\13\ it was not necessary to dial 011 or any country code to make the calls. Consumers who called to prevent charges to their credit cards, expecting to speak to a ``representative'' about the erroneous ``order,'' were connected to an adult entertainment ``audiotext'' service.\14\ Later, these consumers received charges on their monthly telephone bills for the international long-distance call to Dominica, West Indies. The defendants shared in the revenue received by a foreign telephone company for the costly international calls. The defendants hid their tracks by using forged headers in the spam they used to make initial contact with consumers. The final stipulated order that resolved this case includes a provision specifically prohibiting the defendants from sending or causing to be sent any e-mail (including unsolicited commercial e-mail) that misrepresents the identity of the sender of the e-mail or the subject of the e-mail. The Order thus bans the defendants from falsifying information in the ``from'' and ``subject'' lines of e- mails, as well as in the text of the message. Another recent case, FTC v. Martinelli,\15\ targeted an alleged pyramid scheme that centered on spam. The defendants in that case ran an operation called DP Marketing, which was a Connecticut-based pyramid scheme, elaborately disguised as a work-at-home opportunity. DP Marketing solicited new recruits through ``spam'' and through newspaper classified ads across the country. The spam contained messages such as: ``National Marketing Company seeks individuals to handle office duties from home. This is a full or part-time position with a salary of $13.50/hr. The position consists of processing applications for credit, loans or employment, as well as online consumer service.'' Consumers who responded by visiting DP Marketing's Web site or by calling the company received a pitch stating that they could receive $13.50 per hour by just processing orders for the company from the comfort of their own homes. The defendants also represented that no experience was necessary, and that for a ``registration fee'' ranging from $9.95 to $28.72 purchasers would be sent everything needed to get started, including telephone scripts, product sheets, time sheets and ID numbers. What consumers actually got was a kit instructing them first to place advertisements identical to the ones to which they had responded, and then to read the same script to people who responded to their ads. Instead of $13.50 per hour, consumers' earnings depended on the number of new victims they recruited. The FTC complaint alleged that the defendants misrepresented to consumers that DP Marketing offers jobs at a specified salary; failed to disclose the material fact that they were offering a pyramid work- at-home scheme; and provided to others the ``means and instrumentalities'' to commit unlawful and deceptive acts. On November 14, 2000, the court entered a stipulated final order banning the defendants from future pyramiding, barring them from misrepresenting the availability and profitability of jobs, and requiring the defendants to pay $72,000 in consumer redress. The Commission has also brought a number of cases against credit repair scams that used spam as an integral aspect of their deception.\16\ In a particularly pernicious variation on this scheme, consumers are urged to create a new credit identity in order to fix their credit. Using spam messages such as ``BRAND NEW CREDIT FILE IN 30 DAYS,'' these scammers induce consumers to purchase instructions about how one can obtain a federally-issued, employee or taxpayer identification number, and use these numbers illegally in place of social security numbers to build a new credit profile that will purportedly allow one to get credit that would be denied based on one's true credit history. In fact, using a false identification number to apply for credit is a felony--a point these scammers omit from their solicitations. The Commission, either on its own or through the Department of Justice, filed cases against seven operations that used this type of deceptive spam.\17\ More recently, in FTC v. Para-Link International,\18\ the FTC sued several Florida-based companies that were using spam to market a work- at-home paralegal business opportunity. The Commission's complaint charged that the defendants use spam to induce consumers to purchase the business opportunity for $395-495. The spam contained representations such as: ``Make Over $200 An Hour,'' and ``You Can Process Simple Divorces and Bankruptcies From Home and Make Over $200 An Hour in as little as 30 Days!!!''; and urged prospective purchasers to call a toll-free number for more information. Defendants promised that the business opportunity would include training so purchasers could become at-home paralegals; defendants also promised to refer a steady stream of clients to purchasers of the business opportunity for a fee of $25 each. According to the FTC's complaint, few consumers who purchased the business opportunity from the defendants ever realized these earnings. The court entered a temporary restraining order (``TRO'') against the defendants on October 17, 2000, ordering them to cease operations, freezing their assets, and appointing a receiver to take charge of the companies. Subsequently, the court issued an order that extended the relief granted in the TRO pending issuance of a preliminary injunction. Other types of deceptive schemes that use UCE have also been targets of FTC enforcement action, such as deceptive business opportunities \19\ and deceptive weight loss schemes.\20\ As these cases illustrate, the Commission's focus has been on the deceptive content of UCE messages. C. Comprehensive Consumer and Business Education The Commission has published nine consumer publications related to UCE, available in paper format and downloadable from the FTC's Web site. More than 1.6 million of these documents have been distributed to consumers, either through paper copies or via access to the Commission's Web site.\21\ The first, Phone, E-mail and Pager Messages May Signal Costly Scams, was published in 1996. It has been distributed in paper form over 16,000 times and has been accessed at the FTC's Web site more than 18,000 times. Two versions of the related Trouble @ the In-Box help consumers identify some of the scams showing up in electronic in-boxes and offer tips and suggestions for assessing whether an opportunity is legitimate or fraudulent. These publications also advise consumers about how to handle UCE and offer ideas for consumers to control the flow of UCE. The publications steer consumers to additional resource materials that can help them determine the validity of a promotion or money making venture. To date, over 87,000 paper copies of the brochures have been distributed, and they have been accessed on the FTC's Web site nearly 53,000 times. How To Be Web Ready is a reader's bookmark that offers consumers tips for safe Internet browsing. It provides guidance for consumers on how to safeguard personal information, question unsolicited product or performance claims, exercise caution when giving their e-mail address, guard the security of financial transactions, and protect themselves from programs and files that could destroy their hard drives. A number of corporations and organizations have provided a link from their Web sites to the tips on the FTC's Web site, including Circuit City, Borders Group Inc., Netcom, Micron, and Compaq. More than 94,000 paper copies of the bookmark have been distributed, and it has been accessed more than 31,000 times on the FTC's Web site. A related publication, Site-Seeing on the Internet: A Consumer's Guide to Travel in Cyberspace, with similar helpful hints, has been accessed nearly a million times on the FTC's Web site, and over 165,000 papers copies have been distributed. In July 1998, the FTC launched a public education campaign called Spam's Dirty Dozen: 12 Scams Most Likely to Arrive Via Bulk E-mail to publicize the most prevalent UCE scams. The list of scams was culled from a sampling of more than 250,000 spam messages that consumers had forwarded to the FTC's spam mailbox at [email protected]. The consumer alert identified the following twelve types of deceptive solicitations and described how each operates: business opportunity schemes; bulk e-mail programs \22\; chain letters; work-at-home schemes; health and diet scams; effortless income; free goods; investment opportunities; cable descrambler kits; guaranteed loans or credit on easy terms; credit repair; and vacation prize promotions. More than 24,000 paper copies of this consumer alert have been distributed, and it has been accessed more than 100,000 times on the FTC's Web site. In March 2000, the Commission published an alert titled Unsolicited Mail, Telemarketing and E-mail: Where to Go to ``Just Say No'' which provided information to consumers on how to control junk mail and e- mail. Over 21,000 copies of this alert have been distributed in paper form, and it has been accessed over 20,000 times on the FTC's Web site. In September 2000, the Commission published a consumer alert entitled The Lowdown on Chain Letters in an effort to warn consumers about the risks of chain letters that arrive via e-mail. Over 10,000 paper copies of this brochure have been distributed, and it has been accessed over 8,200 times on the FTC's Web site. In January of this year, the FTC published Cracking Down on Mail, E-mail and Fax Scams: Project Mailbox that offers tips to consumers about avoiding being scammed by mail or e-mail offers. The publication is only available on the FTC's Web site, and has been accessed online nearly 1,300 times to date. IV. The Commission's Views on S. 630, the ``Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2001'' ( the ``CAN Spam Act of 2001''). The Commission generally favors the underlying goals of S. 630, which are to help control the additional costs and other potential negative effects that UCE can impose on Internet access service providers and other businesses and consumers that use the Internet, and to support consumer choice in the matter of whether to receive UCE. There are two basic problems that S. 630 addresses. First, there is the problem of fraudulent or deceptive UCE, and second, but also important, is the infrastructure problem that flows from the sheer volume of UCE. UCE, even if not deceptive, may lead to significant disruptions and inefficiencies in Internet services, and may constitute a great nuisance to consumers and businesses using the Internet. Both of these problems together pose a threat to consumers' confidence in the Internet as a medium for personal electronic commerce.\23\ S. 630 mandates the ``permission-based'' marketing model already adopted by many well-known manufacturers and sellers of consumer goods and services, and advocated by the Center for Democracy in Technology and other groups in their 1998 ``Report to the Federal Trade Commission of the Ad-Hoc Working Group on Unsolicited Commercial E-Mail.'' Section 5 of S. 630 would make it unlawful to initiate transmission of a commercial e-mail message that does not contain specified items of information designed to enable consumers to identify UCE and to prevent future receipt of it from that sender. These disclosures, required to be clear and conspicuous, are: an identification that the e-mail is an advertisement or solicitation; a notice of the opportunity (mandated by the bill) to decline to receive further UCE from the sender to the recipient; a functioning return e-mail address to which a recipient may send a reply to the sender to indicate a desire not to receive further e-mails from that sender; and a valid physical postal address of the sender. Section 5 of S. 630 would also make it unlawful: for a sender, or any person acting on behalf of the sender, to initiate the transmission of UCE to any recipient after that recipient has sent to the e-mail address provided by the sender a request not to receive further e-mail from that sender; for any person to initiate the transmission of a commercial e-mail message that ``contains, or is accompanied by, header information that is materially or intentionally false or misleading, or not legitimately obtained;'' or for any person to initiate the transmission of a commercial e-mail message ``with a subject heading that such person knows is likely to mislead the recipient about a material fact regarding the contents or subject matter of the message.'' S. 630 includes a multi-faceted enforcement scheme. First, Section 5 of the bill, described above, would be enforceable by the FTC, and any violation of it would be treated as if it were a violation of an FTC Trade Regulation Rule adopted pursuant to Section 18 of the FTC Act, 45 U.S.C.Sec. 57a. This means that each such violation would subject the violator to a maximum civil penalty of $11,000 in an enforcement action by the FTC.\24\ Second, the bill would allow other federal agencies that have jurisdiction over industries whose activities are wholly or partially exempt from the FTC's jurisdiction, such as banking and common carriers, to enforce the bill. Third, both providers of Internet access service and the Attorneys General of the various states would have enforcement authority to obtain injunctions against violations of Section 5 of the bill, and to recover damages.\25\ In addition to civil enforcement of Section 5 of S. 630, Section 4 of the bill would establish liability for criminal fines or up to one year imprisonment for anyone who ``intentionally initiates the transmission of any unsolicited commercial electronic mail message . . . with knowledge that such message contains or is accompanied by header information that is materially or intentionally false or misleading.'' S. 630 specifically provides that it would have no effect on the ability of providers of Internet access service to enforce their anti- UCE policies. Finally, the bill would mandate a study by the Commission within 18 months that would provide a detailed analysis of the effectiveness and enforcement of the bill's provisions. The Commission's views, set forth below, on the provisions of S. 630, are informed by workshops and other discussions the Commission has had with interested members of the Internet and marketing industry, as well as the Commission's law enforcement experience in the area of UCE, and in related areas, such as the ``Do Not Call'' provision of the Telemarketing and Consumer Fraud and Abuse Prevention Act.\26\ Where useful, the Commission also sets forth its views on H.R. 718, another legislative proposal dealing with UCE that is similar to S. 630.\27\ A. The Definition of the Term ``Commercial Electronic Mail Message'' [Sec. 3(2) of S. 630]. A key term used throughout S. 630 is ``commercial electronic mail message''; this term is defined in Section 3 of the bill. The relevant portion of the definition provides that ``an electronic mail message shall not be considered to be a commercial electronic mail message solely because such message includes . . . a reference or link to an Internet web site operated for a commercial purpose.'' Commission staff has observed that much UCE--particularly UCE related to pornographic web sites--consists of nothing more than such a reference or link. The definition as currently drafted could potentially be exploited by senders of such UCE to evade the requirements of the bill. As a practical matter, it may be difficult to demonstrate to a court that an e-mail consisting of nothing more than a URL and perhaps a statement such as ``check this web site!'' falls within the bill's definition of ``commercial electronic mail message''--i.e,. that its ``primary purpose . . . is to advertise or promote, for a commercial purpose, a commercial product or service''--when the definition apparently demands more than a reference or link to an Internet web site operated for a commercial purpose to bring an e-mail message within the scope of the bill's coverage. The House Bill currently under consideration, H.R. 718, avoids this problem by employing a definition of the term that tracks the definition in S. 630 but excludes the final problematic clause. B. The Prohibition Against Header Information That Is Materially or Intentionally False or Misleading, or Not Legitimately Obtained [Sec. 5(a)(1) of S. 630)]. This provision would likely benefit consumers. Chief among consumer complaints about UCE is that consumers do not know who sent the UCE, and therefore do not know to whom they can send a request not to receive more UCE. In addition, false routing information can cause UCE messages to clog the e-mail systems of providers of Internet access service, thereby slowing service to consumers trying to dial into the Internet through those providers of Internet access service or even completely shutting down the providers' systems. Indeed, some providers have had to devote significant resources and staff to dealing with the sometimes overwhelming tide of UCE. These costs likely are passed on to consumers. The Commission is aware of no legitimate reason for using false header information. The provision prohibiting falsification of routing information would allow a consumer to know who sent him or her the UCE. It could also help providers of Internet access service better handle the flow of both solicited and unsolicited commercial e-mail, because valid routing information is more easily handled by the Internet access service providers' e-mail servers. This could result in fewer impairments to consumers' Internet service, and possibly fewer costs passed on to consumers. The provision strikes an appropriate balance by specifying that header information that is ``materially . . . false or misleading'' violates Section 5 of S. 630, while technically false header information not meeting the standard of ``materiality'' would be actionable only if it could be shown that the falsehood was intentional. This appropriately ensures that inadvertent and relatively minor mistakes in header information will not trigger enforcement action or private lawsuits. The language in the provision specifying that header information ``not legitimately obtained'' violates Section 5 of the bill appears ambiguous. To ensure that this language does not create enforcement problems or engender unintended lawsuits, clarification would be helpful. This provision would impose few if any additional costs on senders of commercial e-mail. Further, the benefits to providers of Internet access service, recipients of e-mail, and Internet users generally who desire and expect optimum convenience, likely outweigh any additional costs. Also, these provisions could make the use of commercial e-mail a more effective marketing tool, because consumers likely would be more willing to trust the contents of a piece of UCE if they know the source of the e-mail. C. The Prohibition Against a Subject Heading That Such Person Knows Is Likely To Mislead the Recipient About a Material Fact Regarding the Contents or Subject Matter of the Message [Sec. 5(a)(2) of S. 630]. Consumers also complain about being misled by false subject lines of UCE. These misrepresentations lead them into believing that the contents are about one thing, but when they open the e-mail, they discover that it is about something else entirely. For example, many senders of UCE that advertises pornography will use benign subject lines such as ``Thanks for lunch'' or ``An old friend'' that the average e-mail recipient might believe are messages from someone he or she knows. In fact, to the consumer's surprise, such UCE advertises pornographic Web sites. A subject line that non-deceptively described the contents of the UCE would allow a recipient to make an informed decision about whether to open the message. The Commission is aware of no legitimate reason for using false subject heading information and supports this provision. Prohibiting deceptive subject lines would impose few, if any, additional costs on legitimate companies that use commercial e-mail to promote their goods and services. Benefits to individual consumer recipients of e-mail and to Internet users generally would outweigh any costs. As with the provisions discussed above, this provision could make the use of commercial e-mail a more effective marketing tool, because consumers likely would be more willing to trust the contents of a piece of UCE if they could rely on representations made in the subject to accurately and truthfully reflect the message's contents. This provision of S. 630, however, raises an issue about the Commission's authority to challenge deception under Section 5 of the FTC Act. Currently, the Commission could challenge a materially false or misleading subject line in a commercial e-mail message under Section 5 of the FTC Act, as it could any other deceptive representation. The applicable legal standard that must be met to demonstrate a deceptive practice is that it is ``likely to mislead consumers acting reasonably under the circumstances about a material fact.'' \28\ S. 630 would establish a higher standard applicable to subject lines in commercial e-mail messages by requiring a showing that the person who sent the e- mail had knowledge that the subject line was likely to mislead the recipient about a material fact regarding the contents or subject matter of the message. The scienter requirement--not an element of deception under Section 5 of the FTC Act--would make it more difficult for the Commission to take action under S. 630 against materially false and misleading subject lines. As a matter of law enforcement, deceptive UCE should not be treated differently from any other deceptive act or practice. Moreover, the requirement of a showing that the subject line was likely to mislead the recipient, and not a reasonable consumer, could increase the burden on the Commission in any action targeting materially false or deceptive representations made in subject lines of commercial e-mail messages. This may require a showing that each individual recipient was likely to be misled, a very difficult burden to meet. Because violating Section 5 of S. 630 would expose a person to liability for civil penalties of up to $11,000 per violation, the Subcommittee may believe it appropriate to adopt stringent standards for liability in S. 630 to protect against penalties for what could be mere technical violations of the Bill.\29\ However, the Commission believes that it would be useful for S. 630 to make clear that it does not affect the FTC's current ability to bring enforcement actions targeting materially false or deceptive representations in commercial e-mail messages under Section 5 of the FTC Act, pursuant to the criteria of, and seeking the remedies available under, that Act.\30\ This could be accomplished by broadening the savings clause in Section 7(a) of the bill.\31\ Therefore, clarification of an intent to leave intact the Commission's powers under the FTC Act with respect to deceptive representations in subject lines of commercial e-mail messages would be helpful. D. The Requirement of an E-mail Address to Which Consumers Can Request to No Longer Receive UCE, and the Requirement That Senders of UCE Honor Such Requests [Sec. Sec. 3 & 4 of S. 630]. These provisions would also likely benefit consumers. A major frustration among recipients of commercial e-mail, and particularly with UCE, is that often any reply to the sender's e-mail address ``bounces back'' and is never received by the sender. In such a case there is nothing the consumer can do to avoid receipt of additional commercial e-mail from the same sender. The provision requiring senders of commercial e-mail messages to include a valid reply e-mail address to which consumers may send requests to receive no more e-mail, and requiring senders to honor such requests, would go a long way in helping consumers control the amount of commercial e-mail, both solicited and unsolicited, they receive. However, it would likely impose some burdens on senders of commercial e-mail. S. 630 would require every sender of commercial e-mail to set up and maintain an e-mail account to which consumers could send requests, and senders would have to monitor and update their mailing lists at least as often as every 10 days. Nevertheless, the benefits of such a requirement would likely outweigh the costs to the senders. E. The Requirement of an Identifier, Opt-out Opportunity, and Physical Address of the Sender in Each UCE Message. S. 630 would require that every UCE message contain an identifier indicating that the message is an advertisement or solicitation. This provision would benefit consumers by enabling them to immediately recognize UCE messages as advertisements. It also may allow consumers to employ software that would filter UCE into a separate folder, or block UCE messages entirely. This provision would thus help empower consumers to control the amount of UCE they receive. Notice that a message is an advertisement or solicitation would impose few, if any, additional costs on senders of UCE; they would merely have to add a few words (or even a few letters) to each message sent. Unlike print or broadcast communications, additional words in e-mail messages do not add to their cost. S. 630 would also require each UCE message to contain a clear and conspicuous notification of an opportunity for the recipient to decline to receive further UCE from the sender. This requirement would benefit consumers by helping them realize that they have a choice about whether they wish to receive additional UCE from a particular sender. Again, this requirement would impose few, if any, additional costs on senders of UCE; as with the identifier requirement, they would only have to add a few words to each message sent. It might also lower the overall volume of unwanted UCE on the Internet, thereby lowering certain cost burdens imposed on providers of Internet access service and potentially passed on to consumers. Finally, S. 630 would require that each UCE message include the physical location of the sender. This provision might produce benefits in the form of enhanced consumer confidence in the legitimacy of senders. In cases where the UCE eventually leads to a transaction, the consumer would have an additional means of contacting the seller if the goods or services are not provided in accordance with the consumer's understanding, or, where applicable, if the consumer wishes to go to a seller's store. It is noteworthy that this provision of S. 630 is consistent with the guidelines of the Organization for Economic Co- operation and Development, which recommend that online businesses disclose their physical address. The Commission has endorsed those guidelines.\32\ F. The Enforcement Scheme. The enforcement scheme laid out by S. 630 likely would work well. It is modeled on similar schemes Congress established for enforcement for the Commission's 900-Number Rule and the Telemarketing Sales Rule in the statutes that mandated promulgation of those Rules.\33\ The enforcement provisions would allow the Commission to treat violations of S. 630 as violations of a rule under Section 18 (15 U.S.C. Sec. 57a) of the FTC Act regarding unfair or deceptive acts or practices. Moreover the Commission's efforts would be supplemented with those of the state Attorneys General, and possibly by other federal agencies with jurisdiction in areas where the FTC has none. This type of dual federal-state enforcement scheme has proved extremely successful in the past, particularly in challenging deceptive and abusive telemarketing practices, and the Commission would expect it to work equally well in this context. G. The Effect on Other Laws [Sec. 7 of H.R. 630]. S. 630 provides an express savings clause for specific enforcement provisions of the Communications Act of 1934 and for federal criminal statutes. This express clause appears to preclude enforcement of most existing federal civil laws that apply to commercial electronic mail, such as the FTC Act's broad prohibition of deceptive advertising, except to the extent specifically provided in S. 630. The Commission believes that S. 630 should not supplant other relevant federal law, and recommends expanding the savings clause to make this clear. H. The Provision That Within 18 Months the Commission Conduct A Study of the Effectiveness and Enforcement of S. 630's Provisions.\34\ A study of the effectiveness and enforcement of S. 630, if enacted with a requirement for such a study, would be based largely on the consumer complaint data from the Commission's UCE database. This database holds more than eight million UCE messages forwarded by consumers and providers of Internet access service. The Commission uses this database to assess the current state of UCE, spot emerging trends, and target its law enforcement efforts on the most serious problems. The Commission would be able to conduct a study on the effectiveness and enforcement of S. 630's provisions. However, 18 months may be too short a time frame for the Commission to effectively research and develop such a study. To meaningfully measure the effect of S. 630, it may be necessary to assess the situation before it goes into effect, and then gather data and information after it goes into effect and businesses have had time to come into compliance. The Commission therefore urges that the time frame for the study be extended to 24 months, in order to enhance the value of the study. The Commission appreciates the opportunity to provide its views on S. 630 and on its efforts against deceptive UCE. I would be happy to answer any questions. END NOTES \1\ The views expressed in this statement represent the views of the Commission. My responses to any questions you may have are my own. \2\ 15 U.S.C. Sec. 45(a). The Commission also has responsibilities under more than 45 additional statutes, e.g., the Fair Credit Reporting Act, 15 U.S.C. Sec. Sec. 1681 et seq., which establishes important privacy protections for consumers' sensitive financial information; the Truth in Lending Act, 15 U.S.C. Sec. Sec. 1601 et seq., which mandates disclosures of credit terms; and the Fair Credit Billing Act, 15 U.S.C. Sec. Sec. 1666 et seq., which provides for the correction of billing errors on credit accounts. The Commission also enforces over 35 rules governing specific industries and practices, e.g., the Used Car Rule, 16 CFR Part 455, which requires used car dealers to disclose warranty terms via a window sticker; the Franchise Rule, 16 CFR Part 436, which requires the provision of information to prospective franchisees; and the Telemarketing Sales Rule, 16 CFR Part 310, which defines and prohibits deceptive telemarketing practices and other abusive telemarketing practices. \3\ The FTC has limited or no jurisdiction over specified types of entities and activities. These include banks, savings associations, and federal credit unions; regulated common carriers; air carriers; non- retail sales of livestock and meat products under the Packers and Stockyards Act; certain activities of nonprofit corporations; and the business of insurance. See, e.g., 15 U.S.C. Sec. Sec. 44, 45, 46 (FTC Act); 15 U.S.C. Sec. 21 (Clayton Act); 7 U.S.C. Sec. 227 (Packers and Stockyards Act); 15 U.S.C. Sec. Sec. 1011 et seq. (McCarran-Ferguson Act). \4\ FTC v. Corzine, CIV-S-94-1446 (E.D. Cal. filed Sept. 12, 1994). \5\ Section 5 of the FTC Act, 15 U.S.C. Sec. 45, authorizes the Commission to prohibit unfair or deceptive acts or practices in commerce. The Commission may initiate administrative litigation, which may culminate in the issuance of a cease and desist order. It can also enforce Section 5 and other laws within its mandate by filing actions in United States District Courts under Section 13(b) of the FTC Act, 15 U.S.C. Sec. 53(b), seeking injunctions, consumer redress, disgorgement, and other equitable relief. Section 18 of the FTC Act, 15 U.S.C. Sec. 57a, authorizes the Commission to promulgate trade regulation rules to prohibit deceptive or unfair practices that are prevalent in specific industries. Courts may impose civil penalties of up to $11,000 per violation of Commission trade regulation rules. \6\ For example, the National Advertising Division of the Council of Better Business Bureaus, Inc., operates the advertising industry's self-regulatory mechanism. \7\ For example, the Rule Concerning Cooling-Off Period for Sales Made at Homes or at Certain Other Locations (the ``Cooling-Off Rule''), 16 CFR Part 429; the Mail or Telephone Order Merchandise Rule, 16 CFR Part 435; the Trade Regulation Rule Pursuant to the Telephone Disclosure and Dispute Resolution Act of 1992 (``The 900-Number Rule''), 16 CFR Part 308; and the Telemarketing Sales Rule Pursuant to the Telemarketing and Consumer Fraud and Abuse Prevention Act, 16 CFR Part 310. \8\ The first of these was held in the fall of 1995, when the Commission held four days of hearings to explore the effect of new technologies on consumers in the global marketplace. Those hearings produced a staff report, Anticipating the 21st Century: Consumer Protection Policy in the New High-Tech, Global Marketplace (May 1996). \9\ This report is available at www.cdt.org/spam. \10\ ``Header'' information, at minimum, includes the names, addresses, or descriptions found in the ``TO:'', ``FROM:'', and ``SUBJECT:'' lines of an e-mail. It also includes the technical description of the route an e-mail has traveled over the Internet between the sender and recipient. \11\ FTC v. Benoit, No. 3:99 CV 181 (W.D.N.C. filed May 11, 1999). This case was originally filed under the caption FTC v. One or More Unknown Parties Deceiving Consumers into Calling an International Audiotext Service Accessed Though Telephone Number (767) 445-1775. Through expedited discovery, the FTC learned the identities of the perpetrators of the alleged scam by following the money trail connected to the telephone number. Accordingly, the FTC amended its complaint to specify the defendants' names. \12\ A similar scheme that used spam was targeted in FTC v. Lubell, No. 3-96-CV-80200 (S.D. Ia. 1996). In that case, the spam urged consumers to call an expensive international number to hear a message that purportedly would inform them about discount airline tickets and how to enter a sweepstakes. \13\ See http://www.nanpa.com/home. \14\ The term ``audiotext services'' describes audio information and entertainment services offered over the telephone through any dialing pattern, including services accessed via 900-number, as well as international and other non-900-number, dialing patterns. \15\ FTC v. Martinelli, No. 399 CV 1272 (CFD) (D. Conn. filed July 7, 1999). Other alleged pyramid schemes that utilized spam have been targets of FTC enforcement action. See, e.g., FTC v. Nia Cano, No. 97- 7947-IH-(AJWx) (C.D. Cal. filed Oct. 29, 1997); In re: Kalvin P. Schmidt, Docket No. C-3834 (final consent Nov. 16, 1998). \16\ FTC v. Consumer Credit Advocates, No. 96 Civ. 1990 (S.D.N.Y. filed Mar. 19, 1996); FTC v. Dixie Cooley, d/b/a DWC, No. CIV-98-0373- PHX-RGS (D. Ariz. filed March 4, 1998). \17\ FTC v. Cliff Cross and d/b/a Build-It-Fast, Civ. No. M099CA018 (W.D. Tex. filed Feb. 1, 1999); FTC v. Ralph Lewis Mitchell, Jr., No. CV 99-984 TJH (BQRx) (C.D. Cal. filed Jan. 29, 1999); FTC v. Frank Muniz, No. 4:99-CV-34-RD (N.D. Fla. filed Feb. 1, 1999); U.S. v. A. James Black, No. 99-113 (M.D. Fla. filed Feb. 2, 1999); FTC v. James Fite, d/b/a Internet Publications, No. CV 99-04706JSL (BQRx) (C.D. Cal. filed April 30, 1999); U.S. v. David Story, d/b/a Network Publications, 3-99CV0968-L (N.D. Tex. filed April 29, 1999); and FTC v. West Coast Publications, LLC., CV 99-04705GHK (RZx) (C.D. Cal. filed April 30, 1999). \18\ FTC v. Para-Link International, No. 8:00-CV-2114-T-27E (M.D. Fla. filed Oct. 16, 2000). \19\ FTC v. Internet Business Broadcasting, Inc., No. WMN-98-495 (D. Md. filed Feb. 19, 1998); United States v. PVI, Inc., No. 98-6935 (S.D. Fla. filed Sept. 1, 1998). \20\ TrendMark International, Inc., Docket No. C-3829 (final consent Oct. 6, 1998) \21\ The distribution and access numbers for these consumer education materials are accurate as of March 31, 2001. \22\ These schemes claim that one can make money sending one's own solicitations via bulk e-mail. They offer to sell one lists of e-mail addresses or software to allow one to make the mailings. What they don't mention is that the lists are of poor quality and that sending bulk e-mail violates the terms of service of most providers of Internet access service. \23\ See Unsolicited Commercial E-mail: Hearing Before the Subcomm. on Telecomm., Trade and Consumer Protection of the House Comm. on Commerce, 106th Cong. (Nov. 1999) (statements of various providers of Internet access service detailing costs and loss of goodwill caused by UCE); Serge Gauthronet & Etienne Drouard, Unsolicited Commercial Communications and Data Protection (Jan. 2001), p. 9. (finding, in this study undertaken by the Commission of European Communities, that the global cost to Internet users may be conservatively estimated at 10 billion Euros ($8.943 billion) annually); See generally the 1998 Report to the Federal Trade Commission of the Ad-Hoc Working Group on Unsolicited Commercial E-Mail (citing several types of costs imposed on consumers and businesses by UCE--intrusion on consumers' privacy, lost opportunity costs, Internet infrastructure costs, access and storage fees, and reputational harms) (available at www.cdt.org/spam). \24\ An action seeking civil penalties for violation of a Trade Regulation Rule promulgated under Section 18 must be forwarded by the Commission to the Department of Justice for filing and litigating. If the Department of Justice declines to file the complaint within 45 days, the Commission, through its own attorneys, may file and litigate the matter. 45 U.S.C. Sec. 56(a). Pursuant to Section 13(b) of the FTC Act, 45 U.S.C. Sec. 53(b), however, the Commission may file and litigate, through its own attorneys, any action seeking injunctive relief, consumer restitution, disgorgement of ill-gotten gains or other equitable remedies without first forwarding the matter to the Department of Justice. \25\ Successful plaintiff states or providers of Internet access service could recover an amount equal to actual damages or statutory damages of up to $10 for each separately addressed unlawful message received by the states' residents, with a maximum of $500,000, and in cases of willful and knowing violations, three times this amount. Recovery of costs and reasonable attorneys' fees would be authorized. Section 6(e) of S. 630 would establish an affirmative defense in cases brought by providers of Internet access service or the states where a defendant can show that it has established and implemented compliance policies and procedures, and that any violation occurred despite good faith efforts to follow those policies and procedures. \26\ 5 U.S.C. Sec. 6102(a)(3)(A). \27\ This bill was introduced on January 3, 2001 by Rep. Heather Wilson, and is titled the ``Unsolicited Commercial Electronic Mail Act of 2001.'' \28\ Cliffdale Associates, Inc., 103 F.T.C. 110, 165, appeal dismissed sub nom., Koven v. F.T.C., No. 84-5337 (11th Cir. 1984). \29\ It is noteworthy that Section 5(m)(1) of the FTC Act, 15 U.S.C. Sec. 45(m)(1), requires the Commission, in actions to recover civil penalties for violations of trade regulation rules, to prove that the defendant violated the rule ``with actual knowledge or knowledge fairly implied on the basis of objective circumstances that such act is unfair or deceptive and is prohibited by such rule.'' Moreover, this provision requires courts, in assessing civil penalties for rule violations, to ``take into account the degree of [the defendant's] culpability, any history of prior such conduct, ability to pay, effect on ability to continue to do business, and such other matters as justice may require.'' \30\ In enforcement actions under Section 5 of the FTC Act the Commission can not seek civil penalties; instead it can seek administrative cease and desist orders, or, in the case of actions in district court under Sections 5 and 13(b) of the FTC Act, equitable remedies--injunctions, disgorgement, or restitution for consumer victims. \31\ In a related context, Congress ensured, in enacting the Telemarketing and Consumer Fraud and Abuse Prevention Act, that the Commission's ability to challenge deceptive telemarketing practices under the FTC Act would remain intact by including a broad savings clause: ``Nothing contained in this chapter shall be construed to limit the authority of the Commission under any other provision of law.'' 15 U.S.C.Sec. 6105(c): \32\ See, http://www.ftc.gov/opa/1999/9912/oecdguide.htm. \33\ Telephone Disclosure and Dispute Resolution Act of 1992 (codified in relevant part at 15 U.S.C. Sec. Sec. 5701 et seq.) and the Telemarketing and Consumer Fraud and Abuse Prevention Act (codified in relevant part at 15 U.S.C.Sec. Sec. 6101-6108). \34\ The House bill, H.R. 718, contains a provision substantially similar to the mandatory study provision of S. 630. Senator Burns. Thank you very much. We've enjoyed your testimony and I have some questions for you. We've been joined on the Committee by Senator Rockefeller. Do you have a statement? STATEMENT OF HON. JOHN D. ROCKEFELLER IV, U.S. SENATOR FROM WEST VIRGINIA Senator Rockefeller. I'm going to put it in the record. [The prepared statement of Senator Rockefeller follows:] Prepared Statement of Hon. John D. Rockefeller IV, U.S. Senator from West Virginia Thank you Mr. Chairman for holding this hearing. As we all know from our constituents, junk e-mail is a serious problem. It is costly to consumers; it is costly to Internet service providers; and it often puts pornography or fraudulent material into our in-boxes. We should find a way to reduce the costs of junk e-mail, while respecting the First Amendment, and the rights of legitimate marketers. I applaud your efforts to bring this matter before the Committee again this year, and to reintroduce legislation. However, I feel that for legislation to be successful it must include several things that are not yet in the bill we are considering. First, we should give regular Americans and businesses the ability to protect themselves from junk e-mail. The bill includes a ``private right of action'' for Internet service providers, but leaves regular Americans and businesses without the ability to go to court if they are injured in violation of the bill. I agree that we should give Internet service providers the right to sue, but why leave the everyday people who have to suffer through junk e-mail everyday with no way to seek redress? That doesn't make sense. Second, we should listen hard to what Mr. Catlett on the second panel has to say about how effective the proposed bill would be in actually stopping illegitimate junk e-mail. This bill should be about consumers--Internet users--first and foremost. If we do not give consumers the tools to stop e-mails they don't want, then the bill will not work. I think that we should start by requiring that every commercial e- mail contain the word ``advertisement'' in the subject line. That way consumers can use technology to filter for them if they wish. Mr. Catlett has several other ideas that we should pay close attention to. I am sorry that I cannot spend more time at the hearing today and I look forward to working with all of you on moving this bill forward. Senator Burns. You're going to put your statement in the record and I'm--Ms. Harrington, do we need legislation to enable you to do the things that should be done with regard to spamming? Ms. Harrington. I think that this proposed bill greatly enhances the FTC's current statutory authority. We don't need legislation to give the FTC the authority to bring enforcement action against deception. However, this legislation makes very specific that certain practices are deceptive so that lightens our prosecutorial burden, if you will, by establishing that as a matter of law it is a deceptive practice to fail to do certain things. And in addition, there are provisions in S. 630, for example the requirement of opt-out, and the requirement that there be a valid return e-mail address and a physical address that probably--that certainly wouldn't be natural remedies that we could obtain in a lawsuit under the FTC Act, so yes, I think there is a need. Senator Burns. How close are you to being up to speed for enforcement of this Act? Ms. Harrington. We're ready. Senator Burns. You're ready. Any additional dollars you'll need? Ms. Harrington. I don't do dollars. [Laughter.] Ms. Harrington. Let me tell you that the FTC has been the leading federal enforcement agency in the area of Internet fraud both in terms of the dollar volume of fraud stopped, the numbers of actions taken. We've done that on a lean budget. Our people are well-trained and ready to go. We have, as I mentioned, an existing database of over 8 million pieces of spam. That is a searchable database and we can search that database to find spam that is not in compliance with certain provisions of this statute if it becomes law, and we're ready to go. Senator Burns. I found the Wall Street Journal article the other day very interesting and pretty eye-opening too. It seems like as soon as the ISPs and the consumers come up with ways to filter out spam, it doesn't take spammers very long to circumvent that other technology. Can you comment right now, the cat and mouse game, and if there's anything the FTC can do and again, do you have the tools to do it? Ms. Harrington. We have decades of experience with fraudsters using new technologies and they are very good at innovating to get around laws and other blocks to their bad practices. I cannot tell you that we can stay a step ahead of them. Senator Burns. We're also running into a lot of spamming in the wireless situation. Ms. Harrington. Right. Senator Burns. Are you equipped there? Ms. Harrington. I think that---- Senator Burns. Is the spamming in the wirless a little bit different than in the wire lines. Ms. Harrington. It is. It's interesting you ask. I just came back from a meeting of an organization called the International Marketing Supervision Network which is a group of consumer protection authorities from over 30 OECD and related countries. I was talking to our colleagues in Scandinavia where wireless is a far more pervasive form of communication technology and I was talking to them specifically about this issue, about wireless spam. I think we have a steep learning curve to get up to speed. We're working on it. We had a workshop about 9 months ago on this issue at the FTC, where we invited industry and law enforcement and consumer groups to come in and talk with us about the technology, about business plans and business models that might use that technology for marketing. I would tell you that the legitimate businesses, both the communications companies and the innovators who are seeking to use the technology, have been very forthcoming and helpful in helping us understand this. But I think we've got a steep learning curve. We can always use more resources. When I say I don't do dollars, I run an enforcement program. We have done everything that we can do to stretch every person's time and every dollar that the Congress has provided to us. I think wireless poses a whole new set of issues again and I think that if there are additional resources to be had, we would make good use of them. And I can also tell you that with the resources we currently have, we are working very hard to understand and stay on top of the technology. Finally, I would say that one difference between our approach to the Internet and now wireless and to the fraudulent and deceptive applications of new technologies--one difference between our approach at the FTC and practically everyone else's approach, I think, is that our decision was to train the entire staff, all of the attorneys, all of the investigators, all of the paralegals on these technologies. So rather than having a unit that is only devoted to the Internet, everybody knows about the Internet, has access to our lab and our tools. And that means we can shift our people really quickly from telemarketing to Internet to wireless back to telemarketing because everybody's trained up. Senator Burns. You mentioned the fact that you had over 8 million complaints on spamming and examples of spamming. Can you give me any kind of a figure on the number or the percentage of those complaints which were out and out fraudulent pieces of spam? Ms. Harrington. Whew, there are two ways of looking at it. Number one, what does the spam say. And I would say that the overwhelming majority of those 8 million pieces of spam make blatantly false statements about earnings, about product performance, something like that. On the other hand, and much to my gratification and ours, we find that the people who forward this spam to us generally don't fall for it. There are certainly exceptions where consumers have lost significant money relying on these spams but we also find that lots and lots and lots of people don't believe it. But they send it to us because we've asked--you know: give us your tired, your poor and your spam. We want this. We want to see what's coming into consumers' mailboxes. We want to organize it and search it, so that we can keep track of what's going on with this marketing medium. Senator Burns. Senator Rockefeller. Senator Rockefeller. Thank you Mr. Chairman. Senator Burns. You're welcome. Senator Rockefeller. We're very courteous to each other. We're good friends. I get a lot of these complaints too from my folks in West Virginia and actually it would be interesting to know the percentage of your folks versus my folks that have home computers, et cetera. We'll compare that at a later date. You're not responsible for that, Ms. Harrington. But one of the concepts which has been put forward is the idea of tagging, you know, labeling something in advertisements and I'm trying to think around in my mind what--you know, I turn on AOL and it sort of--do you have to say something's an advertisement or do people kind of inherently know it's an advertisement just by the way it looks? For example, when I put on AOL I cannot put on AOL without, you know, I hear the you've got mail thing only after I've gotten rid of what is clearly an advertisement for one reason, it's not AOL, which one obviously recognizes. Then second, it looks like an advertisement. If it walks like a duck, et cetera. So my question to you would be, and ISPs I would have to assume might be against that, either because they think it's inconvenient. They get revenue from it although, on the other hand, they also get swamped by it, or some people do, you know, trying to push all this stuff through. Do you think that tagging or labeling something in advertisement, the argument being that while--what is your view on that? Ms. Harrington. With respect to unsolicited commercial e- mail, the proposed bill requires a label that would indicate that it is an advertisement or it is a commercial e-mail. Senator Rockefeller. It would say advertisement. Ms. Harrington. It doesn't specifically say that it has to say advertisement I don't believe. Senator Rockefeller. Well that's what I am trying to get from you. In other words, isn't--I mean there are all kinds of users. I mean it's like, one of the people that I work with and I were talking over here about people using cell phones, and we were trying to figure out how many unnecessary phone calls are made because there are things called cell phones in this world, and we came up with a mutual conclusion of about 50 percent of the phone calls that were made really don't have to be made, but they are there because everybody's got a phone. So, everybody's got an advertisement. My assumption is that they would recognize that. That may be only because I use the Internet and therefore am in a position to recognize it and others might not and might be subject to it, particularly the ones that pop up, you know, in the corner of your screen. They tend to have a special kind of a nature. Then you read them, you don't look for the tag, you just--you look for the body of information to the extent that your eye stays over there, and you know it's an advertisement. So, I just want to get a sense of whether you think it's necessary to label it as such, where those who don't use it as much might be less--or it's fine without it. Ms. Harrington. Well you raise the issue of blurring. And that's an issue that has been central to all media as it becomes used more and more for advertising. We have issues with newspapers in blurring, and you now see in print media typically, that text that looks like it could be editorial text is labeled, advertisement when it is such. We saw that issue with television in blurring---- Senator Rockefeller. It's the same principle there actually, because it's like--I obviously did mean to interrupt you or else I wouldn't have done it. But for example, sometimes countries whose kings or prime ministers are coming over here, do sections. And you're right. In the newspaper, advertisement will be written across the top. But you don't need to see that to know that. It looks like that, because it's got a picture of the king or the prime minister or whatever it is and some beautiful ocean. So, you know it's an advertisement without looking. So I, again, I just want to hone in on the tagging thing. Ms. Harrington. But--one of the beauties of the Federal Trade Commission Act is that it focuses on the reasonable consumer, and what a consumer reasonably understands is something that changes with time, with experience. You posed the question from the standpoint of the consumer who is less familiar with the Internet. And when a medium is new, I think that we need to assume that most consumers are less familiar. So at one point in time, it is deceptive to fail, or it may be deceptive to fail to indicate that something is, in fact, an advertisement, when consumers are very unfamiliar with that. You raised the example, or point to the example of the pop up screen. And you know, I know that we've all seen pop up screens that are in the Microsoft Windows warning or error message format, that are actually advertisements. Are you familiar with that format? And so when you click on the red X to close it out, instead of closing it out, it may take you to an advertisement. Now my view is that, at this point in time, the reasonable consumer who sees a Microsoft Window warning message format in a pop up screen, the reasonable consumer thinks that that is an error or a warning message and doesn't think that it's an advertisement. Now 5 years from now, the reasonable consumer may know, ah-hah. You know, that could be anything. And so, the reasonable consumer is less likely to be misled or deceived. So it really--that is really one of the great strengths of the Federal Trade Commission Act. It's flexible because it focuses in part on what the reasonable consumer understands a representation or a situation to mean, and that changes, as media change, as circumstances change, as times change. Senator Rockefeller. Do you think that this legislation would benefit from sort of a pop up part? Ms. Harrington. Well this legislation is about unsolicited commercial e-mail, and I think that that's a different matter than pop up screens and windows and other---- Senator Rockefeller. No, I'm talking about pop ups that are advertisements. Ms. Harrington. Right. Senator Rockefeller. Not that are something else, you know, or a chat room or anything of that sort. I'm talking about a real advertisement. And you know the way they place those, you go to Netscape and all of a sudden you have something that you're looking at and then you have this great--this perpendicular rectangle hits you in the face and you've got to get rid of it before you can go on. And that's an enormous inconvenience. Ms. Harrington. I think the pop up screens raise a lot of the same issues of deception that false header and router information raises. I think that the method of delivery is different. Spam is delivered one way and pop up screens are programmed really differently and they're programmed to appear on a particular website rather than to be sent out as e-mail. So, I think that the method of delivery is different, and I'm not sure that there is a logical way to marry those two methods of delivery in one bill. That's my, like off the top of my head answer. Senator Rockefeller. As a matter of philosophy are you an opt-in or an opt-out person? Ms. Harrington. Well the Commission's position here is that it supports the opt-out provision in S. 630. Senator Rockefeller. No, but that's not what I asked. I'm trying to get underneath that. I mean, I'm an opt-in person. I think that you have to specifically say I am willing to do this. I want this, as opposed to you're getting it and then, oh, by the way, I think I'll decide to opt-out if I happen to understand what it is. I mean I'm just trying to get it at---- Ms. Harrington. I think that the ISPs offer consumers the choice of--that is depending on which ISP I select, if I'm an opt-in person, I can select an opt-in ISP. If I'm an opt-out person, I can select an opt-out ISP. I personally have selected an opt-in ISP. Senator Rockefeller. OK. Thank you. Now one more question. And that is, the obvious one. Regarding ISPs--fundamentally, computers and the use of them is about consumers. And it's like saying is a car about General Motors or is a car about somebody who drives it. And I tend to think a car is about somebody who drives it, buys it, because it's their property. So the General Motors consideration is there, but it's secondary, to me at least. So that gets you to the so-called, the right to sue thing. And I know that can be an overblown question, and a stereotypical question, but nevertheless it's an interesting one because--and I think that Senator Burns and Senator Wyden and others, Senator Breaux, when they introduced this bill, they introduced it as a platform, not as a final product, because that's the way they usually do things, to get a discussion going and then to try and look at a bill that would be useful. But, isn't that right reserved to ISPs. That is, the right to sue. Shouldn't that be available to consumers and if-- and I'm not asking, saying you have to agree with me, but I'd like to hear your kind of arguments on both sides. Some people say that you would be endlessly lost in litigation and all the rest of it, but I'd just be interested in your views. Ms. Harrington. Well on the one hand, I think that there is no group that has both a stronger interest and greater strength in protecting the interest against spam, unwanted spam, than the ISPs do. And so, unlike your General Motors analogy where there may be a divergence of interest between General Motors' interest and the product owner and driver's interest, I think that the ISP and its customers may have a unified interest here in keeping unwanted e-mails out of consumers' mailboxes. The basis of the unified interest may be different. With the ISP, it goes to the economics and efficiency and reputation of their company. For the consumer, it's the time and nuisance factor of getting all this stuff. But I think the interest is the same. And so on the pro side, you asked me to argue both sides. On the pro side, I would say that here, the ISPs have the same interest as consumers. It's rooted in something different, but the ISPs have more resources to take that interest to court and litigate it. I also think that there is greater efficiency in having the ISP bring the action, because then we have one lawsuit, not 10,000. Senator Rockefeller. And I understand that. But if one of the things about this problem is that it is so incredibly cheap for advertisers. I mean it's just the cheapest thing in the world. You push a button and millions of things go out across the world. Nevertheless, if you've gotten 8 million--I mean the aggregation of that begins to add up to quite a lot, and that implies therefore, revenue. And that revenue, even though it may be much smaller than television or radio or newspapers, nevertheless accrues to the ISPs. So is there anything to be said there? Ms. Harrington. I'm not sure that there is revenue that accrues to the ISPs from the sending of bulk spam. I don't know that. I think, though, to argue the other side of it, that is that there ought to be a right of action on the part of the individual, I would look at a couple of things first. The Telephone Consumer Protection Act of 1991 and 1992, which is enforced by the Federal Communications Commission gives individual consumers a cause of action in State Small Claims Court against telemarketers who call them after they have indicated to the telemarketer that they don't wish to receive calls. So I would take a look at what the experience has been with that statute. I think that that is one of the first or few federal statutes that provides individuals with a right of action to vindicate their rights as consumers in state court, and my belief is that there has not been a glut of lawsuits brought in small claims courts on the part of individual consumers to enforce their rights under that statute. You know, one concern is well, gee, we are opening the floodgates. The FTC does all of its law enforcement work in federal courts and so I have a selfish interest because we are all trying to get speedy resolution of our lawsuits to benefit consumers and get money back. I have a selfish interest in arguing against opening the federal courts to private rights of action by individual consumers because I think that that slows, that that would not be workable. But you know, in this instance, Senator, I think that, that the ISPs and the customers who don't want spam really have an identical interest, and for myself personally, Star Power is my ISP at home, and I'd rather have them go to court to keep spam out of my mailbox than me spending time going to court on my own. Senator Rockefeller. If they would do that, and you indicate you think they would? Yes. It doesn't--it still--if there is a precedent to do so, if there is a precedent by saying consumers can't. Ms. Harrington. Can or cannot? I am sorry. Senator Rockefeller. Cannot, in this bill, and one has to deal with that at some point. But I understand what you are saying, and I appreciate your answers. Thank you, Mr. Chairman. Senator Burns. Senator, the state's attorney generals can do it. And each of the states can do it. On behalf of the consumers--we have been joined by Senator Allen of Virginia. And it is nice to have you here today. Ms. Harrington--and Senator Wyden, where have you guys been all day? Senator Allen. I was at the Foreign Relations Committee meeting. Senator Burns. Good heavens. And we have been joined by Representative Goodlatte of Virginia, and who is working this legislation through the House side and if you would come forward and want to make a statement, why, we would sure entertain that. Senator Wyden, do you have questions for Ms. Harrington? Senator Wyden. Mr. Chairman, since I just walked in, we were negotiating on a variety of the other tech questions, let me catch up a little bit so I am not repetitive, and I'll have some in a moment. Senator Burns. OK. Thank you very much. Ms. Harrington, we look forward to working with you and thank you for bringing some specifics that you think are necessary to make the legislation a little bit better and as far as you are concerned and the FTC. We appreciate those suggestions and we look forward in working with you as we get the final, the final bill out of Committee and move it on. So thank you for coming today, and we look forward to working with you. Thank you. We are joined now by Representative Goodlatte of Virginia, who is working his will or the will of this legislation through the House of Representatives. We welcome you here today, Congressman, and we look forward to your comments. STATEMENT OF HON. BOB GOODLATTE, U.S. REPRESENTATIVE FROM VIRGINIA Mr. Goodlatte. Thank you, Mr. Chairman. Would that that were so, directing my will. I do appreciate the opportunity to testify before the Committee. It is good to be back. You have been generous in inviting me to testify before, and I do have a statement to make a part of the record, and I would offer part of it. Senator Burns. Without objection, so ordered. Mr. Goodlatte. Unsolicited e-mail, especially commercial e- mail such as advertisements, solicitations, or chain letters has become the junk mail of the information age. Jupiter Communications reported that in 1999 the average consumer received 40 pieces of spam. By 2005, that organization estimates that the total is likely to soar beyond 1,600 pieces to the average consumer. These numbers are astounding and while it costs the spammer almost nothing to send, it results in damage to a protected computer and would be punishable by a fine under Title 18 or by imprisonment for up to 1 year. I want to commend you, Mr. Chairman, on the introduction of your own spam legislation that takes a balanced approach to combatting spam by including strong monetary penalties, but does not include a private right of action, an area in which we should proceed with caution in that it could have the effect of discouraging the use of electronic commerce. Because of the complexity surrounding all e-commerce issues like spam, legislation must be carefully balanced to ensure that enforcement mechanisms address real harms without causing damage to the unique advantages provided by the Internet. S. 630 provides law enforcement with the tools they need to combat spam without opening the floodgates to frivolous litigation. Legislation addressing the problem of unsolicited commercial e-mail is greatly needed during this legislative session to protect consumers and Internet service providers from victimization by spam. I look forward to continuing to work with representative Heather Wilson, who has another important bill dealing with this issue in the House, as well as with you, Chairman Burns, and Senator Allen and Senator Wyden, who I know have a great interest in this legislation as well to achieve our common goal of reducing the burden of unwanted e-mail on consumers and Internet service providers, and I thank you for allowing me the opportunity to testify today. Senator Burns. Just, you know, not only I think are we interested in protecting the ability of legitimate commercial entities. I guess financial institutions come to mind that sometimes they use e-mail to inform their clients and customers of changes and updates in company policies. These are actually mandated by law. Would your bill affect their ability to do that in any way? Mr. Goodlatte. Absolutely not. This is designed to facilitate the ease with which businesses do that. Now, there are some concerns raised about other legislation and while I am very supportive of the efforts to push forward in that area with that legislation, I do think there is some fine tuning that needs to be done so that companies can effectively communicate with their customers, policyholders and so on without fear of violating the law. Senator Burns. Well, we thank you for your statement today. We appreciate that very much. I understand you have been spammed, and I think we all have or whatever. I was back in 1955 in the United States Marine Corps, but--those, that is water under the bridge. Mr. Goodlatte. It is great. [The prepared statement of Mr. Goodlatte follows:] Prepared Statement of Hon. Bob Goodlatte, U.S. Representative from Virginia Thank you, Mr. Chairman, for holding this very important hearing. I appreciate the opportunity to appear before the Subcommittee to testify about the need for legislation to address the growing problem of mass unsolicited e-mail, also known as ``spam.'' The Internet is a revolutionary tool that dramatically affects the way we communicate, conduct business, and access information. Electronic-mail has become a powerful medium for commerce and communication by offering an affordable way for people to reach one another with rapid speed and reliable delivery. Marketers have learned to take advantage of this new capability to reach consumers. Many consumers choose to communicate via e-mail with their financial institutions, favorite retailers and other companies with which they form relationships. Millions of individuals and businesses opt to receive communications and notices by e-mail. In order for the Internet to continue to thrive and grow as a medium for commerce, legitimate businesses must be able to responsibly communicate with their customers or consumers who wish to do so. However, unsolicited e-mail, especially commercial e-mail such as advertisements, solicitations or chain letters, has become the `junk mail' of the information age. Jupiter Communications reported that in 1999 the average consumer received 40 pieces of spam. By 2005, Jupiter estimates that the total is likely to soar to 1,600 pieces of spam. These numbers are truly astounding. While it costs the spammer almost nothing to send, unsolicited e-mail messages burden consumers by slowing down their e-mail connections, and cause big problems for the small business owner who is trying to compete with larger companies and larger servers. Even more disturbing are the numerous examples that I receive from my own constituents of the increasing amount of spam that is pornographic in nature. This pornographic spam, opened innocently by the recipient, often disguises the subject of the e-mail and includes a link that takes the recipient to a pornographic web site. E-commerce will never reach its full potential if consumers and their children cannot utilize e-mail without the fear of being unwillingly transported into the seamier side of the Internet. Consumers are not the only ones victimized by spam. In recent instances, unsolicited e-mail transmissions have paralyzed small Internet Service Providers (ISPs) by flooding their servers with unwanted e-mail. Excessive e-mail tie up network bandwidth and monopolize staff resources. This has the potential to do great damage to small ISP companies and the communities they serve. Currently, ISPs are developing programs that require the individual sending the unsolicited message to include a valid e-mail address, which can then be replied to in order to request that no further transmissions be sent. Under these programs, once the individual sending the original e-mail receives a request to remove an address from their distribution list, they are required to do so. However, offending spammers get around this requirement by using the e-mail address of an unsuspecting user to spam others. To address the problem of fraudulent unsolicited e-mail, I have introduced legislation in the House to give law enforcement the tools they need to prosecute individuals who send unsolicited e-mail that clog up consumers' in-boxes: H.R. 1017, the Anti-Spamming Act of 2001. The Anti-Spamming Act would amend the criminal code to address fraudulent unsolicited electronic mail. It would add to the substantive conduct already prohibited under the law, by prohibiting both the intentional and unauthorized sending of unsolicited e-mail that is known by the sender to contain information that falsely identifies the source or routing information of the e-mail. This legislation would subject those who commit such prohibited conduct to a criminal fine equal to $15,000 per violation or $10 per message per violation, whichever is greater, plus the actual monetary loss suffered by victims of the conduct. In addition, prohibited conduct that results in damage to a ``protected computer'' would be punishable by a fine under Title 18 or by imprisonment for up to one year. I commend you, Chairman Burns, on the introduction of your own spam legislation which takes a balanced approach to combating spam by including strong monetary penalties, but does not include a private right of action, an area in which we should proceed with caution in that it could have the effect of discouraging the use of electronic commerce. Because of the complexity surrounding all e-commerce issues like spam, legislation must be carefully balanced to ensure that enforcement mechanisms address real harms without causing damage to the unique advantages provided by the Internet. S. 630 provides law enforcement with the tools they need to combat spam without opening the floodgates to frivolous litigation. Legislation addressing the problem of unsolicited commercial e-mail is greatly needed during this legislative session to protect consumers and Internet Service Providers from victimization by spam. I look forward to continuing to work with Representative Heather Wilson and others in the House as well as with you, Chairman Burns, here in the Senate to achieve our common goal of reducing the burden of unwanted e- mail on consumers and Internet Service Providers. Again, I thank you Mr. Chairman for allowing me the opportunity to testify today and for your continuing efforts to curb spam. Senator Burns. Senator Wyden. STATEMENT OF HON. RON WYDEN, U.S. SENATOR FROM OREGON Senator Wyden. Thank you, Mr. Chairman. It is good to have our friend Bob Goodlatte, who I have had a chance to work with often over the years and I think you know Senator Burns and I have been prosecuting this cause, like you have, for a number of years, and that our bill really tracks your thinking, I think, very closely. I thought we were going to get it passed last session. We didn't quite get it there. I am curious in terms of the House, what is taking place in terms of trying to reconcile the approach that Senator Burns and I have, which you are also very interested in with the Wilson bill and what is the progress of discussions in the House to get that done? Mr. Goodlatte. Well, I think there is a lot of open- mindedness on the part of Congresswoman Wilson, and myself and others on the two Committees, the Commerce Committee and the Judiciary Committee, which have jurisdiction over this issue. The Commerce Committee has passed her bill out of the Committee. The Judiciary Committee is on a 60-day secondary referral of her bill, and it also has my bill before it because my bill is primarily focused on Title 18, which is the jurisdiction of the Judiciary Committee. So it is my hope that in the very near future, we are going to come up with a bill that is agreeable to all sides because I think the differences that divide us are not that great. The private right of action is certainly the biggest thing that we have got to work out. Senator Wyden. We will be working closely with you. It just seems to me what CAN-Spam has been trying to get done, what you have been trying to do is to set out some rules that if you want to send unsolicited marketing e-mail, you have got to play by a set of principles, rules that allow consumers to see where the messages are coming from and to tell the sender to stop. So this is ultimately about consumer empowerment and Senator Burns and I have made that point again and again. We are not interested in interfering with the legitimate e- commerce, the core business activities that are so important in the digital economy, so we will be working with you. Good luck with negotiations because those are essentially the same sort of talks we are having here, and hopefully, we can all hit pay dirt quickly and get this bill on the way to the President. Mr. Goodlatte. Well, I appreciate that, Senator. We look forward to working with you as well, and you are right, commercial e-mails have great potential value to people who want to receive them and we don't want to interfere with that but we do want to have the abusers live by the rules of the road, and that is basically what this is about and giving law enforcement some more tools and Internet service providers some more tools to combat that I think are important. Senator Burns. Senator Allen. STATEMENT OF HON. GEORGE ALLEN, U.S. SENATOR FROM VIRGINIA Senator Allen. Thank you, Mr. Chairman, and let me commend you, Mr. Chairman, for your leadership on this matter. I am very pleased to be a co-sponsor of S. 630 and I associate myself with the bill and the comments from the Senator from Oregon, Mr. Wyden, and it is good to see my good friend from Virginia, Congressman Bob Goodlatte, who is a leader on technology in matters on the House side, and it is important that we all work together on this, and I think this House Resolution 1017 is the closest House companion to your measure in my brief review of the key provisions in the various measures in the House versus your measure. Now, unsolicited commercial e-mail or spam has been a consumer issue for a long time. I thought it only was around since the 1980's, but since you were getting spammed you said in 1950's, I guess you might have---- Mr. Goodlatte. I think his had pineapple on it, though. Senator Allen. Pineapple with some bread around it, or maybe he invented the Internet. Senator Burns. The first CAN-Spam. Senator Allen. They probably didn't bother to take it out of the can if they were throwing it at you because otherwise it wouldn't have any great effect, but nevertheless, the modern term of spamming is an aggravation. I think anybody who has the Internet has been spammed to one extent or another, and it is so aggravating. You log on to your e-mail account and it says you have got mail and of course what you have gotten mail from is some person or entity you have no idea who they are trying to sell you something that you don't want. And then you, of course, have done that after wasting time opening up this irrelevant attachment and also usually, not usually, but a great number of times they say you have Hot Mail, they are saying your account size is too large, and if you do not delete things, they are going, do they give you a list of all the things that you are going to delete? Usually things that you would actually want to have kept in there. Some of them you would almost wish they would delete some of these others. There is always e-mail from your brother or a friend that you would like to keep just for your archives but at any rate, apart from the annoyance of having to delete the piles of unwanted solicitation, Spamming can and does create a lot of problems, cause problems for servers and networks throughout the country. It is also a waste of time. It is a waste of our time at home and it is a waste of time in our offices. The nation--in our nation, our capacity for electronic mail is not unlimited. It is not limitless. That is why you say your account sizes are too large and why it does slow down certain networks. The best example or the worst example from my experience is right here in the U.S. Senate, where e-mail is often delivered late or maybe not at all due to heavy e-mail traffic and its impact on the Senate server, so right here that is the situation. Now, I know the Senate is not unique. And maybe not quite as up to date as some law firms and folks in the private sector, but that happens in the private sector as well where because of these unsolicited, unwanted commercial e-mails it is slowing down productivity in the office, in the businesses, especially a pain for small businesses, and obviously what you have is people wasting time which is wasting lost productivity and you are wasting the capacity, the capacity with these unsolicited junk mails. Now, for these reasons, these are the reasons and I think it is a very balanced approach that the Chairman has taken here on this measure. I chose to co-sponsor what you call the CAN- Spam Act and our esteemed Chairman is obviously fighting a good battle, and here are the key things that that Act will do if we pass it in the Senate and in the House. It will force spammers to act honestly. Now, who could be against that? If you send an unsolicited commercial e-mail you must include true and accurate contact information so consumers can opt-out and stay out. One of the frustrating aspects of this as I said, well, if you don't want any more e-mails or any more solicitations, please click such and such and fill out your information and we won't send it to you any longer. Well, in researching this, that is exactly what they want you to do so then they know hey, this is a live e-mail address so now we can continue pestering that person so it is very aggravating to even have to fill all that stuff out in the first place, and it is particularly annoying if it is actually counterproductive. Second, this CAN-Spam Act will stop the practice of collecting e-mails for the sole purpose of spamming or so- called spotter programs. It will also add enforcement to these provisions to help ensure that an effective deterrent includes severe penalties under the law and I think the legal approaches you are taking is the right approach and very balanced and really, that is the point. This CAN-Spam Bill seeks to balance the interest of Internet consumers with the interests of legitimate e-commerce businesses seeking to utilize online opportunities. I am one who very much likes people to be completely without a lot of regulations, a lot of limits. I very much dislike limits. Nevertheless, you should have honesty. You do need to have consumers informed and people in their own homes ought to be able to control to the best they can what is coming in and clogging up and pestering them on their Internet. And indeed by way of analogy in 1991, the Telephone Consumer Protection Act by law stopped unsolicited junk fax advertising, so in my view by analogy if we can protect fax machines, why not computers as well? So again, Mr. Chairman, I am very happy that you are having this, this hearing. I think you will have a lot of support from people all across America, and I look forward to working with you, Mr. Chairman and other Members, Senator Wyden and others to effectuate a good common sense approach with good balances on privacy, on commerce, but also make sure there is honesty and recourse for people who don't care to be pestered, annoyed or have their e-mail mailbox clogged up. Thank you. Senator Burns. Thank you, Senator. Any more statements? We are going to have our next panel come forward if we could. Mr. Jerry Cerasale, Senior Vice President of Government Affairs, Direct Marketing Association. Mr. Jeremiah S. Buckley, General Counsel, Electronic Financial Services Council here in town. David Moore, President and CEO of 24/7 Media. And Jason Catlett, President and founder, Junkbusters and Harris Pogust of Sherman, Silverstein, Kohl, Rose and Podolsky from New Jersey and David McClure. All make their way to the table and we'll start this discussion. It should be a lively one, and if you could keep your statements to 5 minutes or so or less, if you possibly can, I know you can't limit these Senators. I'll guarantee you that. They get started and then we'll have a few questions. Mr. Cerasale. Thank you for coming today. STATEMENT OF JERRY CERASALE, SENIOR VICE PRESIDENT, GOVERNMENT AFFAIRS, THE DIRECT MARKETING ASSOCIATION INC. Mr. Cerasale. Thank you very much, Senator Burns, and I appreciate the opportunity to be here. I am Jerry Cerasale from the Direct Marketing Association and I ask that my written statement be included in the record. Senator Burns. All of your full statements will be made part of the record today. Mr. Cerasale. Thank you very much. I want to first start out by thanking you and Senator Wyden and your staffs for putting together this bill, S. 630. We think you put a lot of thought into it, and we think that it is an excellent starting point. Let me start with what the DMA is. It has been around since 1917. How we look at the Internet. The Internet is basically another medium, another way to try and reach customers and reach potential customers, so as we look at it, let's, I want to raise where the DMA guidelines have been for all marketing that our members must use. The first thing that you have to do is you don't lie. You tell people who you are. And I think your bill does that. You tell people that you are trying to sell them something, and that is also in your bill. If consumers tell you I don't want to hear any more from you, you have to honor that. That is also in S. 630. And we have gone a little farther at the DMA way back starting in 1972. We had a mail preference service for people who didn't want to receive mail. In 1985, we began a telephone preference service for people who don't want to receive telephone calls and in 2000, we began an e-mail preference service for people who do not want to receive unsolicited e- mail. Our members must use those three services if they happen to use those medium or those media to reach consumers. And so we have a situation where the Direct Marketing Association members believe and use an opportunity for individuals to say I don't want to receive further solicitation. So we think that the basic premises, we think. We know the basic premise in S. 630 is right along the lines of where the DMA has been for a long, long time and we applaud you for that. We specifically also believe in a strong federal standard. This is a borderless communications medium, and we think that a strong federal standard is what makes sense and having the FTC enforce that is an excellent idea, along with allowing the state's attorneys general a role to support in either federal or state court to enforce this bill as well. We think that the strong penalties for fraud are very important. One of the things that happens, especially in an emerging medium, as Eileen Harrington said, is that get rich quick schemes are probably the first to try and reach and use the medium, and we think that anti-fraud devices are very, very important to try and protect confidence in the medium, so we support that. We think that in looking at enforcement, the idea of an opt-out in every commercial e-mail message makes sense. The idea of saying who you are, the idea of not lying in the headers or in the subject line is very, very important. We believe that your bill also protects permission-based marketing, which we think is an emerging response to consumer needs and desires on the Internet. We do have some areas where we think we can tweak that a little bit and we'll gladly be working with your staffs on that to keep permission-based marketing open and free to consumers. The Internet is important. It is a new medium. It is not the answer. It is not going to eliminate other forms of marketing. It has to be integrated within the American economy and system. It can help strengthen the economy. We think marketers have to learn to use it and keep their practices and the principles the same regardless of medium. We think this bill goes along in that way, and we appreciate all your efforts in this endeavor, and I am happy to answer any questions you may have. [The prepared statement of Mr. Cerasale follows:] Prepared Statement of Jerry Cerasale, Senior Vice President, Government Affairs, The Direct Marketing Association Inc. I. Introduction Good afternoon, Mr. Chairman, and thank you for the opportunity to appear before your Subcommittee as it examines unsolicited commercial electronic mail. I am Jerry Cerasale, Senior Vice President of Government Affairs for The Direct Marketing Association, Inc. (``The DMA''). The DMA is the largest trade association for businesses interested in direct, database, and interactive marketing and electronic commerce. The DMA represents more than 4,500 companies in the United States and 54 foreign nations. Founded in 1917, its members include direct marketers from 50 different industry segments, as well as the non- profit sector. Included are catalogers, financial services, book and magazine publishers, retail stores, industrial manufacturers, Internet- based businesses, and a host of other segments, as well as the service industries that support them. The DMA's leadership also extends into the Internet and electronic commerce areas through the companies that are members of The DMA's Internet Alliance and the Association for Interactive Media. The DMA member companies, given their track record in delivering high quality goods and services to consumers, have a major stake in the success of electronic commerce, and are among those most likely to benefit immediately from its growth. The healthy development of electronic commerce depends on consumer trust. It is imperative that the e-mail communications medium earns that trust. The DMA commends the drafters for this legislation. While it is not clear that legislation is imperative at this juncture, we support the efforts of Senators Burns and Wyden. We think that S. 630 takes the appropriate approach for legislation regarding UCE. S. 630 contains many of the elements of what successful legislation in this area should look like. We believe that the requirement that senders of unsolicited commercial electronic mail identify themselves truthfully and provide individuals the ability to opt-out of unsolicited commercial electronic mail messages is essential. Likewise, The DMA is very supportive of maintaining the ability for businesses to send messages to those individuals who have provided affirmative consent and those individuals with which a business has a pre-existing business relationship without such messages being treated as unsolicited commercial electronic mail. We also believe that providing criminal penalties for sending unsolicited commercial electronic mail that contains fraudulent routing information should prove very useful in limiting egregious unsolicited messages. We continue to have some concerns with the definitions of ``initiator'' and ``affirmative consent'' and look forward to working with the members and staff on these issues. There are several topics I wish to focus on in more detail in my testimony today. These are: The DMA's self-regulatory program the e-Mail Preference Service; The need for strong penalties against entities that send fraudulent messages; Federal Trade Commission enforcement of a uniform federal standard; and Permission-based communications. The DMA welcomes this congressional inquiry into these important matters. II. The DMA's e-Mail Preference Service Empowers Consumers With Choice Concerning Receipt Of Unsolicited Commercial E-Mail Mr. Chairman, The DMA is a long time leader in self-regulation and peer regulation. We believe that in the borderless world of electronic commerce self-regulation with effective choice to consumers is the best means of empowering consumers regarding receipt of unsolicited commercial electronic mail, creating and maintaining opportunity for the many exciting new benefits of legitimate marketing in the interactive economy. For this reason, since publishing our electronic commerce guidelines almost 5 years ago, we have supported an industry standard of notice and opt-out for electronic mail marketing communications. More recently, last year we created and launched the e-Mail Preference Service (``e-MPS''). The e-MPS allows individuals to remove their e- mail addresses from Internet marketing lists. This ambitious undertaking is aimed at empowering consumers to exercise choice regarding receipt of UCE, while creating opportunity for the many exciting new benefits of legitimate marketing in the interactive economy. The e-MPS is based on The DMA's very successful Mail Preference Service (``MPS'') and Telephone Preference Service (``TPS'') self- regulatory initiatives. Both of these initiatives represent The DMA's response to consumers' request for choice in the amount of mail and telephone solicitations that they receive. In developing responsible marketing practices for the Internet age, we have adapted this important concept of consumer choice to the Internet medium through the development of e-MPS. As of January 2000, consumers have been able to register for the e- MPS at a special DMA web site. Consumers can use this service, at no cost, to place their e-mail addresses on a list indicating that they do not wish to receive UCE. This service affords consumers with flexibility to determine the types of solicitations they receive. Through this service, individuals can opt-out of business-to-consumer UCE, business-to-business UCE, or all UCE. The e-MPS is part of The DMA's ``Privacy Promise to American Consumers,'' which became effective July 1, 1999. The Privacy Promise requires as a condition of membership in The DMA, that companies, including online businesses, follow a set of privacy protection practices. As part of this promise, all DMA members who wish to send UCE to consumers are required to remove the e-mail addresses of those consumers who have registered with the e-MPS from their lists of consumers to whom they send e-mail solicitations. Those consumers on the e-MPS list will receive no e-mail from DMA members unless they have an established online business relationship with that company. This service also is available to companies that are not members of The DMA so that they too may take advantage of this innovative service and respect the choice of those consumers who choose not to receive UCE. III. Strong Penalties Should Exist To Combat Fraudulent Messages The DMA is particularly sensitive to the practice of sending fraudulent electronic mail messages in which some individuals are engaged, and fully supports a prohibition on this practice. This practice includes the sending of messages with false or fictitious header information. The use of such fraudulent e-mail has no place in a healthy and robust Internet. The sending of bulk fraudulent messages has crashed the networks of Internet service providers. In addition to deceiving consumers, fraudulent e-mail diminishes the reputation of the entire medium, particularly messages sent from the responsible marketers that make up our membership. Ultimately, we believe the sending of fraudulent messages is an area in which legislation is critical, as it is more difficult to prevent fraudulent messages. IV. Sending Of Commercial Messages When Consumer Permission From The Consumer Exists Should Be Outside The Scope Of Any Legislation Consumers often give permission to a company, or request that it pass along their e-mail address to receive information and offers from other service providers in a given category, such as financial services. These consumers have requested information and granted permission, but it may not be specific to a particular initiator. For example, I might indicate that I would like to receive mailings on sales of men's clothing. A variety of different businesses could then send me messages when they have sales at their stores. Such marketing is very beneficial to consumers and to the free flow of commerce. Any legislation should allow such communications. It would burden the free flow of information to such consumers to require that they give specific permission to each ``initiator.'' V. Any Legislation Should Provide Enforcement Of A Uniform Federal Standard The DMA supports the approach taken in the legislation that preempts state law by providing a uniform federal standard. Strong preemption is the appropriate approach in the electronic environment. Differing state regulatory standards for communicating via electronic mail could have the effect of eliminating the inherently global characteristics of the communications, which are in large part responsible for its extraordinary success. It would be impossible for businesses to comply simultaneously with different and potentially inconsistent laws in multiple jurisdictions where individuals to whom they send messages may be located. Often, the business is unaware of the location of the recipient of the message. If businesses were required to comply with the different laws of the 50 states, it would be a tremendous burden on the Internet and could have the result of limiting business offerings. Moreover, a patchwork of state laws, particularly as they affect interstate communications, may ultimately be found unconstitutional. Likewise, we are heartened by the decision not to create a private right of action. Creating a private cause of action would impose substantial burdens on ISPs, resulting in the expenditure of resources both in terms of time and money to defend litigation. Such an approach is unnecessary in light of the fact that the FTC would be empowered to protect consumer rights. Inclusion of a consumer cause of action would create a very substantial bounty for class action lawyers that would produce very substantial damage awards wholly unrelated to the costs imposed by UCE. The legislation must foreclose the possibility of class actions. VI. Conclusion We thank the Members of Congress who have introduced legislation in this area for their thoughtful consideration of such an important issue. We also thank the Chairman and the Subcommittee for the opportunity to express the views of The DMA. We know that Congress and this Subcommittee will continue to monitor this issue closely and we look forward to working with you. Senator Burns. Thank you very much. Jeremiah Buckley, General Counsel, Electronic Financial Services Council. Thank you for coming today. STATEMENT OF JEREMIAH S. BUCKLEY, JR., GENERAL COUNSEL, ELECTRONIC FINANCIAL SERVICES COUNCIL Mr. Buckley. Thank you very much, Mr. Chairman. My name is Jeremiah Buckley, and I am a partner in the Washington office of Goodwin, Procter. I serve as general counsel of the Electronic Financial Services Council, which is an association of technology companies and financial services firms interested in promoting the electronic delivery of financial services. We are pleased to be here and have an opportunity to comment on S. 630. Thinking back to the passage of the E-Sign Act last year, we know this Committee and its staff appreciates the importance of federal legislation in promoting e-commerce. We have enjoyed working with you, Senator Burns, and with you, Senator Wyden, in the past, and we look forward to working with you to make this an excellent piece of legislation. We support the fundamental premise of S. 630, that is that offensive, fraudulent or otherwise harmful UCEs should be prohibited and that consumers should have the ability to control the flow of their e-mail traffic. Achieving these goals is an important step toward assuring that consumers feel comfortable doing business in the electronic medium, a goal that we all share. We believe that the UCE legislation should fit into the framework created by previous e-commerce legislation. Congress has repeatedly endorsed the vision of e-commerce as a national resource. The E-Sign Act recognizes that the Internet is a borderless medium for which it is desirable to have uniform federal rules. S. 630 recognizes that legal uniformity is an important part of e-commerce. It includes a provision in Section 7(b) preempting inconsistent state law. This preemption provision, however, does contain a number of exceptions. In particular, it does not apply to any state trespass, contract or tort law. These types of exceptions, we would caution the Committee, do run the risk of swallowing up the preemption itself. If S. 630 is to fashion a uniform national standard for dealing with spam, it should occupy the field. It should not leave room for the development of a patchwork of legislative and judicial pronouncements at the state level creating a compliance jigsaw puzzle which only the most sophisticated players can solve. Having established that uniform standard, we believe it is appropriate that federal agencies be the ones assigned the responsibility for enforcement policy, and it seems to us this is best because in the course of enforcement, the policies that Congress has articulated will be fleshed out, and we think it is best that agencies which are under the jurisdiction and direction of the Congress have the responsibility for establishing that enforcement policy. States would, of course, continue to have the authority to adopt uniform unfair deceptive acts and practices legislation, as they do now, and under those statutes, they could declare that violations of the provisions of S. 630 constitute violations of state law. If they do, they could also assign to their state attorney general, to private parties, or to other agencies within the state the responsibility for enforcement of their state law. But we think it is wise to keep a demarcation between federal law and state law, between federal enforcement and state enforcement, and we think it is respectful of the legislatures in the states to allow them to establish who will enforce the law within their states. Now let me turn to an issue that legislation does not address, but which we think is vital, preserving the reliability of e-mail communications. Last year's E-Sign Act was a vote of confidence by the Congress in the predictability and reliability of electronic communications. E-Sign would envision that individuals and businesses would be able to contract and conduct their ongoing business electronically. In the nonelectronic world, a third party cannot arbitrarily disrupt contractual arrangements between parties, and E-Sign envisions that this would not happen in the e- commerce world either. However, we are concerned about reports that ISPs in their eagerness to help their subscribers avoid receiving unwanted UCEs may block, in fact, there is evidence that they are blocking, e-mails that subscribers not only want but have specifically contracted to receive as a part of the electronic business relationship created pursuant to E-Sign or prior legislation. This will have a significant negative impact on the potential growth of electronic delivery of financial services and other relationships with e-commerce. S. 630 currently does nothing to prevent this from happening. It is in the interest of all who seek to promote e-commerce to preserve the sanctity of electronic contracts. If the electronic message, which is not a UCE, and is not going to be delivered, at a minimum both the sender and the recipient should be notified by the ISP. We hope to work with the ISPs and with your Committee as appropriate to develop standards to assure reliable delivery of permission-based electronic communications, and we believe this is a goal that is complementary to and as important as getting rid of spam. Certain provisions of your legislation could, as we say in our written testimony, benefit from clarification. If time permitted, I would go into those, and I would be happy to answer questions. We are very pleased to have had the opportunity to comment on this legislation and look forward to working as we have in the past with the Committee staff and with you Senators to perfect this bill. Senator Burns. We are looking forward to working with you also. And we like the idea of bringing specifics to the table, because that is the way we solve some of the problems as this legislation moves along. [The prepared statement of Mr. Buckley follows:] Prepared Statement of Jeremiah S. Buckley, Jr., General Counsel, Electronic Financial Services Council My name is Jeremiah S. Buckley. I am a partner in the Washington office of the law firm of Goodwin Procter, and I serve as general counsel to the Electronic Financial Services Council. The EFSC is an association of technology companies and financial service providers dedicated to promoting the availability and delivery of financial services through electronic commerce. Given this mission, the EFSC is intensely interested in federal legislative developments that could have an effect on e-commerce. For this reason, we are pleased to have the opportunity to comment this afternoon on S. 630, the CAN-spam Act of 2001. The EFSC recognizes that federal legislation is not merely helpful, but sometimes necessary to resolve legal uncertainties and unleash the economic potential inherent in our new e-commerce environment. Thinking back to the passage last year of the Electronic Signatures in Global and National Commerce Act (``E-Sign''), we know that this Committee shares our belief in the benefits of appropriate legislation. We have enjoyed working with Senators Burns and Wyden in the past, and we look forward to working with the Committee and its staff once again in dealing with the very significant issue of unsolicited commercial electronic mail (``UCE''). We agree with the fundamental premise underlying S. 630--that consumers should be protected from misleading, offensive, fraudulent or otherwise harmful UCEs, and that the ability of consumers to control the flow of their e-mail traffic should be respected. Achieving these goals is an important step in assuring that consumers feel comfortable using the electronic medium as a preferred way of doing business, a goal we all share. UCE Legislation Should Fit Into the Framework Created by Previous E-Commerce Legislation Congress has repeatedly endorsed a vision of e-commerce as a national resource. Last year's passage of E-Sign legislation established the parity of electronic and non-electronic communications under federal law. E-Sign recognized that the Internet is a borderless medium, for which federal regulation and uniform federal standards are appropriate. Our specific comments reflect our strong support for this vision of e-commerce as a national resource appropriately subject to a set of uniform national rules designed to encourage the development of e-commerce to its fullest potential. S. 630 recognizes that legal uniformity is important to e-commerce, and for that reason it includes a provision--Section 7(b)--preempting inconsistent state laws. The preemption provision, however, has a number of exceptions: in particular, it does not apply to any state trespass, contract or tort law. This type of exception, we would caution the Committee, runs the risk of swallowing the preemption provision itself. If S. 630 is to fashion a uniform national standard for dealing with spam, it should occupy the field. S. 630 should not leave room for the development of a patchwork of state legislative or judicial pronouncements using tort or trespass theories to create a compliance jigsaw puzzle which only the most sophisticated players can solve. Having established a uniform federal standard, we believe that the appropriate course is to assign to federal agencies the responsibility for enforcing that standard. To the extent that enforcement policy shapes or clarifies the meaning of the provisions of S. 630, it seems to us best to leave that power with agencies which are subject to the jurisdiction and direction of Congress. State attorneys general and private parties should not be assigned enforcement responsibilities in this area as a matter of federal law. While the authority of a state to enact legislation inconsistent with S. 630 would be preempted, states would, of course, continue to have the power to enact unfair and deceptive acts and practices (``UDAP'') statutes, or interpret their current UDAP statutes, so as to define violations of S. 630 as unfair and deceptive practices under state law. In this context, the states would be free to assign enforcement responsibilities for their UDAP statutes to their state attorneys general or such other agencies or private parties as they deem appropriate. It seems to us that this course of action has the advantage of providing a clear line of demarcation between state and federal law and is more respectful of the right of state legislatures to determine how state law will be enforced within a state's boundaries. Need for Clear Definitions Section 5(a)(5)(A) of S. 630 requires that a UCE contain a ``clear and conspicuous . . . identification that the message is an advertisement or solicitation.'' Because of the centrality of this requirement to the purposes of S. 630, we believe that the Committee should consider a more precise definition of what constitutes clear and conspicuous identification. It might be worthwhile for the Committee to consider creating a standard indentifier to appear in the e-mail subject line, to serve as a universal signal that the e-mail is an advertisement. This requirement could then be included in the legislation itself, or provided as an example in the Committee's report. In the absence of such clear guidance, senders of UCEs will be left uncertain as to the efficacy of their compliance efforts. Likewise, we would counsel against the use of undefined terms, such as ``primarily'' to determine the amount of advertising content that defines a ``commercial electronic mail message.'' If, in a communication relating to a transaction with its customers, a firm includes an electronic ``statement stuffer'' alerting the customer to other products or features available to the customer, S. 630 does not establish how much such material will render the communication ``primarily'' advertising. We would recommend that, to avoid this problem, any communication related to a transaction or relationship with an existing customer be excluded from the definition of a ``commercial electronic mail message.'' Preserving the Reliability of E-Mail Communications Last year's E-Sign Act was a vote of confidence by the Congress in the predictability and reliability of electronic communications. E-Sign envisions that individuals and businesses will be able to contract freely through electronic media, without having to worry about the enforceability of contracts that they enter into electronically. It also envisions that business will continue to be conducted electronically after the initial contracts have been signed, with records being freely transmitted in fully electronic relationships if the parties so desire. In the non-electronic world a third party cannot arbitrarily disrupt a contractual arrangement between two parties, and E-Sign envisions that this should not be able to happen in e-commerce either. However, we are concerned about reports that ISPs, in their eagerness to help their subscribers avoid receiving unwanted UCEs, may block e-mails that the subscribers not only want, but have specifically contracted to receive as part of an electronic business relationship. This result would have a significant negative impact on the potential growth of electronic delivery of financial services. S. 630 does nothing to prevent this from happening, and does not even require ISPs to give notice to consumers they intend to block, or that they have blocked, the transmission of e-mail either in general or from particular senders. It is in the interest of all who seek to promote e-commerce to preserve the sanctity of electronic contracts. If an electronic message which is not a UCE is not going to be delivered, at a minimum both the sender and the recipient should be notified by the ISP. We hope to work with ISPs and with your Committee, as appropriate, to develop standards that assure reliable delivery of permission-based electronic communications. We appreciate the opportunity to share our views on S. 630 and the willingness of the sponsors of this legislation and their staffs to work with us and others to assure that the CAN-spam legislation will create clear and workable standards to regulate the transmission of UCEs. Senator Burns. Mr. David Moore, President and CEO of 24/7 Media. New York. STATEMENT OF DAVID MOORE, PRESIDENT/CEO, 24/7 MEDIA Mr. Moore. Good afternoon. I am David Moore. I am the CEO of 24/7 Media, and I'd like to thank Chairman Burns, the Ranking Member, Senator Hollings, Senator Wyden, and Members of the Committee for inviting 24/7 Media to participate today. I would like to begin by commending Senators Burns and Wyden for their leadership in crafting the Unsolicited Commercial E-mail Act of 2001. This bill represents a responsible, common-sense approach to establishing standards for commercial e-mail practices and is an important first step in helping to protect consumers and legitimate marketers from the abuses of spammers. As a leading provider of online marketing and advertising solutions and services, 24/7 Media's clients have included such notable businesses as Reuters, The Economist, USA Today, American Express, Law.com, MSNBC, General Motors, Verizon, AT&T, and The Financial Times, to name a view. We provide a valuable service to consumers by delivering content that they have requested, such as news, newsletters, real-time stock quotes, and other information. The success of the interactive industry lies in the confidence of the relationship among content publishers, service providers, marketers, advertisers, and consumers. We support permission-based communications that empower consumers with notice and choice. The interactive marketing industry has been tainted by the actions of disreputable marketers who use deceptive practices in sending unsolicited commercial electronic e-mail. These marketers, or spammers, should not be allowed to infringe upon or negatively influence the need for legitimate commerce to prosper in the online world. The Committee and Congress should focus on legislation this year that specifically addresses the problem of fraudulent, misleading, forged, and inaccurate e- mail communications. These practices are an encroachment on the rights and privacy of consumers. 24/7 Media, along with other companies, has worked diligently over the past year to establish and to put into effect guidelines and practices that will enable the Internet to prosper as the world's leading communication, educational, and information tool. 24/7 Media has an interest in minimizing spam. We maintain one of the largest, permission-based e-mail databases and generate a significant portion of our revenue from list management and brokerage, as well as from our e-mail service bureau, 24/7 Exactis. We recognize that respecting the privacy rights of consumers will help us sustain our long-term business model. Let me tell you more specifically how we conduct our business. We don't spam. We don't allow our clients to spam. We include a functioning return e-mail address in all e-mail deliveries. We don't use deceptive subject headings. We always provide clear and conspicuous notice for consumers to opt-out. We don't do business with any business that distributes pornography. I am proud to say that 24/7 Media's level of accuracy in delivering the appropriate content to the consumer is exceptional. During a 6-month period last year, 24/7 Exactis received 1 complaint for every 16,000 e-mails delivered. That is .000625 percent. Most client lists in fact generated no complaints at all. We also found that in most instances, if there was a complaint, the complaint was resolved soon after the subscriber was reminded of how the marketer obtained their e-mail address. From 24/7 Media's point of view, the Burns-Wyden bill appropriately focuses on e-mail abuse. These spammers devalue our own efforts and weaken the consumer confidence that is so important for all online businesses to succeed and flourish. We also believe that enforcement mechanisms should deter spammers from encroaching on the privacy of consumers and not penalize legitimate markets who are adhering to the standards. In announcing the introduction of this bill on March 27th, Chairman Burns said, for many people, spam is ruining their online experience and their ability to use e-mail. It is high time for Congress to act to protect consumers from overzealous marketers. I agree with that sentiment, and I invite the rest of our industry to stand behind this effort to support responsible practices and continue to provide value to the consumer. Mr. Chairman and the Committee, I thank you again for the opportunity to participate in today's hearing. This is a complex policy challenge that must accommodate evolving technologies and business models. We look forward to working with you to fine tune this legislation. 24/7 Media remains committed to engaging lawmakers on key policy issues and recognizes that regulation of commercial e-mail practices is only one of many key decisions this Committee will have to sort through in the future. We look forward to continuing to work with you and to be a resource to you as you consider Internet-related policy and work toward our common objective of protecting the rights and privacy of all consumers while at the same time ensuring the long-term viability of the Internet and legitimate web-related businesses. Again, thank you for your time and I look forward to your questions. Senator Burns. Thank you very much. We appreciate your testimony here today, Mr. Moore. What is it 24/7 Media covers 24 hours a day, 7 days a week? Mr. Moore. We are always in business. Senator Burns. Always in business. You know, up in Montana, you know, on the shield of the state patrol is 3-7-77, 3-day, 7-day, 77. We don't know what that stands for. But I will tell you this. It is not a bad idea. That was the number the vigilantes used years ago before we were a state. We were a territory, vigilantes made the law and if you came home and that number was written on your door, you had 24 hours to shuffle along. You know. And they weren't kidding either. They were pretty serious about it. Thank you for coming today. [The prepared statement of Mr. Moore follows:] Prepared Statement of David Moore, President/CEO, 24/7 Media Good Afternoon, I am David Moore, CEO of 24/7 Media. I'd like to thank Chairman Burns and the Ranking Member, Senator Hollings and Members of the Committee for inviting 24/7 Media to participate today and would like to begin by commending Senators Burns and Wyden for their leadership in crafting the ``Unsolicited Commercial E-mail Act of 2001''. This bill represents a responsible, common-sense approach to establishing standards for commercial e-mail practices and is an important first step in helping to protect consumers and legitimate marketers from the abuses of spammers. As a leading provider of online marketing and advertising solutions and services, 24/7 Media's clients have included such notable businesses as Reuters, The Economist, USA Today, American Express, Law.com, MSNBC, General Motors, Verizon, AT&T, The Financial Times, and Disney to name a few. We provide a valuable service to consumers by delivering content they have requested such as news, real-time stock quotes, and other information. The success of the interactive industry lies in the confidence of the relationship among content publishers, service providers, marketers, advertisers, and consumers. We support ``permission-based'' communications that empower consumers with notice and choice. The interactive marketing industry has been tainted by the actions of disreputable marketers who use deceptive practices in sending unsolicited commercial electronic mail. These marketers, or spammers, should not be allowed to infringe upon or negatively influence the need for legitimate commerce to prosper in the online world. The Committee and Congress should focus on legislation this year that especially addresses the problem of fraudulent, misleading, forged and inaccurate e-mail communications. These practices are an encroachment on the rights and privacy of consumers. 24/7 Media, along with other companies, has worked diligently over the past year to establish and put into effect guidelines and practices that will enable the Internet to prosper as the world's leading communication, educational and information tool. 24/7 Media has an interest in minimizing spam. We maintain one of the largest, permission-based e-mail databases and generate a significant portion of our revenue from list management and brokerage as well as from our e-mail service bureau, 24/7 Exactis. We recognize that respecting the privacy rights of consumers will help sustain our long-term business model. Let me tell you more specifically how we conduct our business: We don't spam. We don't allow our clients to spam. We include a functioning return e-mail address in all e-mail deliveries. We don't use deceptive subject headings. We always provide clear and conspicuous notice for consumers to opt-out. We don't do business with any business that distributes pornography. I am proud to say that 24/7 Media's level of accuracy in delivering the appropriate content to the consumer is exceptional. During a 6 month period last year, 24/7 Exactis received 1 complaint for every 16,000 e-mails delivered. Most client lists, in fact, generated no complaints at all. We also found that in most instances, if there was a complaint, the complaint was resolved soon after the subscriber was reminded of how the marketer obtained their e-mail address. From 24/7 Media's point-of-view, the Burns-Wyden bill appropriately focuses on e-mail abuse. These spammers devalue our own efforts and weaken the consumer confidence that is so important for all online businesses to succeed and flourish. We also believe that enforcement mechanisms should deter spammers from encroaching on the privacy of consumers and not penalize legitimate marketers who are adhering to the standards. In announcing the introduction of this bill on March 27, Senator Wyden said: ``. . . Spam could have a significant negative impact on how consumers use Internet Services and e-commerce. This legislation strikes at unscrupulous individuals who use e-mail to annoy and mislead''. I agree with that sentiment and I invite the rest of our industry to stand behind this effort to ``strike out at the unscrupulous'', support best industry practices and continue to provide value to the consumer. Mr. Chairman and the Committee, I thank you again for the opportunity to participate in today's hearing. This is a complex policy challenge that must accommodate evolving technologies and business models. We look forward to working with you to fine-tune this legislation. 24/7 Media remains committed to engaging lawmakers on key policy issues and recognizes that regulation of commercial e-mail practices is only one of many key decisions this Committee will have to sort through in the future. We look forward to continuing to work with you and to be a resource to you as you consider Internet-related policy and work toward our common objective of protecting the rights and privacy of all consumers while at the same time ensuring the long-term viability of the Internet and legitimate web-related businesses. Again, thank you for the time and I look forward to your questions. Thank you. Senator Burns. Mr. Jason Catlett, President and CEO of Junkbusters. Yes, Junkbusters. There you go. Thank you for coming today. STATEMENT OF JASON CATLETT, PRESIDENT/CEO, JUNKBUSTERS CORP. Mr. Catlett. Thank you, Senator. And it is a pleasure to be back before you and Senator Wyden again. I'd like to begin with two issues that you raised. First, the technology arms race that is going on between spammers and largely ISPs who are using technological means to try to abate the amount of spam from their networks before it reaches the spammer's intended recipients. That is a silent battle that goes on continuously and if it were stopped as we have heard earlier testimony suggesting a measure that might do it, this would cause an enormously greater amount of spam to reach the end consumers, so technological means for automatically spam filtering are tremendously important and do a lot of good. However, you are absolutely correct that this is not a solution to the problem. And that ultimately it is essential to have laws to stop the attempts of the spam to be inserted into the network. We heard from Senator Rockefeller about the question of labeling. Is it sufficient to label the material? Well, I can tell you as someone who has written scientific papers on automatic text classification that those methods are always imperfect and even if the spammers were perfectly honest in their labeling of the material, it would still impose an unacceptable burden on the network to try and reject each article after checking the appropriate label. The second point I would like to raise is the issue of wireless spam which indeed has been a problem, particularly in Europe where the technology is at a later stage of adoption, but also in states such as Arizona, where a class action suit on that is underway. I would like to note that trade associations with the wireless industry have come out strongly in favor of an opt-in criteria that you should never receive commercial solicitations to your cell phone unless you have deliberately requested them, and I think that is an admirable position for them to take. I'd like to commend you on the hard work that you have done on spam over a long period of time, and I am sorry to say that in its present form, I don't think that the bill will achieve the goals that it sets out to do. I don't think it will significantly reduce the amount of junk e-mail that is sent, and that two modifications would be necessary in order to have a spam bill that really deserves the name of CAN-spam, and those two were issues raised by Senator Rockefeller. The first is opt-in. The appropriate criterion for e-mail solicitation is opt-in. You should only get e-mail, commercial e-mail if you ask for it, and that is what the majority of people online believe are appropriate. It is also what a large number of consumer groups believe to be appropriate, and it is also the practice as we have heard from David Moore from 24/7 Media is the common industry practice only to send e-mail to people who have asked for it. Almost no legitimate established marketer sends unsolicited commercial e-mail because it is despised by consumers and it is actually against the terms of services of most ISPs. So the first suggestion I would have to you is to make the criterion opt-in. This has worked very well with the Telephone Consumer Protection Act as we have heard discussed for junk faxes and I think that the success of that bill should be an example to us, particularly the provision to do with my second point, which is a private right of action for consumers. The idea of a waterfall of frivolous litigation simply isn't borne out in practice under the Telephone Consumer Protection Act. There is very little litigation on junk faxes. But it is a sufficient amount to discourage businesses systematically violating the law. The idea of not allowing consumers the opportunity to protect their interests and hoping that the ISPs, some of whom are going bankrupt, will spend additional money to go to court for their individual consumers, I think it is very naive. The appropriate thing to do is to give individuals the means to protect their own interests, and that is being done with the junk faxes because of the same situation. This is postage due marketing. Senator Burns. You believe in the vigilantes, too, huh? Mr. Catlett. The consumers should be able to act with the authority of law in an appropriate manner. Some spams do make me want to go to the vigilante state. In fact, I would like to read you a particular spam that I picked out almost at random under a specific criterion. It is a little bit like at a hearing on locust plagues to bring along a single grasshopper and hold it up for the Committee and say this is the problem, but imagine multiplied a million times the problem. It is in the, my prepared statement, but I'll read you briefly this spam. Sex sells really works. ``Why pay to belong to an adult website? When you can own your own for less than the cost of a membership. Anyone with an Internet connection can own an adult website for less than the cost of the next dinner. No experience required. Anyone can sell sex on-line in just minutes.'' I'll spare you the details of how to sign up for this offer, but I'd like to draw your attention to the footer of this e-mail, which is very common. This message is sent in compliance of the new e-mail bill, section 301 paragraph (a)(2)(C) of Senate 1618. It again gives a URL for the website of your colleague, Senator Mikulski. I would like you to imagine perhaps with your folks back at home in Montana when a mother discovers that her teenage son has received this solicitation to establish a pornographic website from the comfort of his own bedroom and then they, this person clicks through to Senator Mikulski's site and sees, this is the legislation, this is in fact Mikulski's bill. It did not pass but spammers still use it and if you pass a junk e-mail bill along the lines of an opt-out, you will get exactly the same situation. You will get the mother saying is it the policy of the United States that spammers may spam? They are going to click through to your website, then click on contact us, and you are going to get questions and letters from your constituents and I wonder how you are going to answer them. With the current form of the Senate bill, would you have to, when the mother asks you, is it true, is what this spammer says true, that it is Okay for him to send this e-mail, would you have to answer something like yes, the spammer can send you as much e-mail as he wants until you tell him to stop, and if they don't stop, if they keep on doing it, then you can't do anything about it yourself. You have to either get your ISP to do something or you have to get the Federal Government department to do something. Now, I don't think that is an answer that your constituents would want to hear. The answer that I think you would want to be able to give to them is something like this. The spammer is lying. My bill made spamming illegal. And it gives you the right to sue people who spam you if they break the law. So the correct policy, I think, and I have made the two key points, is to have an opt-in policy and to have a private right of action for consumers. So the question of opt-in versus opt- out and the private right of action really comes down to if your name goes on this bill and it becomes law, do you want it associated in the spams that are sent out in this case with so much spamming? Senator Burns. Thank you very much. And your full statement will be made part of the record. Mr. Catlett. Thank you, sir. [The prepared statement of Mr. Catlett follows:] Prepared Statement of Jason Catlett, President/CEO, Junkbusters Corp. My name is Jason Catlett, and I am President and CEO of Junkbusters Corp. I'm grateful for this opportunity to speak with you again. Junkbusters is a for-profit company whose mission is to free people from unwanted commercial solicitations through media such as e-mail, physical mail, telephone, and faxes. Since our web site launched in 1996, millions of people have turned to us for information, services and software for stopping junk messages, particularly e-mail. I have worked advising government departments and legislators on e-mail and other privacy issues since 1997. As a technologist--my Ph.D. was in Computer Science--my initial inclination years ago was towards solutions based on technology and administrative processes. But years of practical experience with large numbers of consumers have led me to believe that the essential requirement for the collective protection of privacy is strong rights for the individual. Thanks to the private right of action in the Telephone Consumer Protection Act of 1991, junk faxes are today rare compared to junk e-mail, a result achieved without any vast government bureaucracy, and with little frivolous litigation. In contrast, billions of unwanted e-mail solicitations are sent each day, vexing hundreds of millions of people who feel unable to stop it. This reduces participation in online commerce and erodes the considerable benefits that responsible e-mail marketing offers to consumers and businesses. What is needed to reverse this harm to consumer confidence in the medium is a law establishing an opt-in standard for commercial e-mail, and a private right of action for recipients and network operators. S. 630 would establish an opt-out standard and lacks a private right of action, and in my opinion would not improve the situation it addresses. Before focusing on the specifics of spam, I would like to briefly review the unhappy recent history of online privacy more generally. In the 11 months since I appeared before you in May, the prevailing level of privacy on the Internet appears to have lowered. (Space allows only a few brief examples, for greater detail see http:// www.junkbusters.com/testimony.html on the Web.) Ever more intrusive collection technologies are being rolled out. Profiling companies are continuing development of their Consumer Profile Exchange technology without any committment to observe fair information practices in their use of it. Most ``privacy policies'' offered by companies still offer little privacy, and appear to be getting even worse, according to one longitudinal study by Enonymous. In September Amazon.com substantially weakened its privacy policy. The standards proposed by DoubleClick and a few other online advertising companies and sanctioned by the FTC in July are deplorably low. P3P, which has been billed by some as the pot of privacy gold at the end of the technological rainbow, is now being used by Microsoft as an excuse not to fix the default settings on its next browser that allows tens of millions of web bugs to gather click streams in volumes of billions of clicks per day. At a public workshop run by the Federal Trade Commission in March, the major profiling companies refused to allow people access to their own profiles, or even to provide example profiles. With this background, and with spam as a regular reminder to consumers of the ease with which personal information can be misused and the difficulty of individual redress, few would be surprised by the conclusion that privacy concerns have severely dampened the growth of e-commerce (certainly not any Member of this Committee). Over the past year, its spectacular triple digit growth has dropped to such disappointing levels that many online merchants are struggling to break even, finding difficulty attracting investment, or filing for bankruptcy. Yesterday's Wall Street Journal reported that most U.S. households have never made a purchase online. Of consumers who place items in online shopping carts, the majority are still abandoning the transaction before checkout. Online merchants have known for years that the number one concern here is fear for privacy. Furthermore, Forrester Research has found in extensive polling that concerns about privacy are not being assuaged as people gain more years of experience online. In my own discussions with online marketers whom I know from consulting engagements or from industry conferences, spam is despised as the major cause of damage to consumer confidence and participation. The failure to control spam is the greatest economic tragedy of the Internet age. E-mail marketing conducted in a fair, consensual manner offers enormous benefits to consumers and businesses alike, particularly to small businesses who could not afford the expense of traditional media. As e-mail marketing becomes synonymous with spam--a tragedy because this is unnecessary and avoidable--many consumers are deciding simply not to participate. The right public policy for spam, as with all privacy law, is to give people who participate rights to ensure their personal information is not used unfairly. This promotes both greater participation and better business practices. Almost no reputable marketer routinely sends e-mail on an opt-out basis. (A few have occasionally done so in error; this is perhaps the reason some companies oppose a private right of action, which would hold them accountable for such mistakes.) It is deplorable that certain trade associations such as the Direct Marketing Association are trying to hold the door open for spamming. H. Robert Wientzen, President and CEO of the DMA addressed members at the organization's 1998 conference with the following words: ``Let me begin by recognizing that bulk unsolicited commercial e-mail is not real popular with consumers. And to date, very few of you are employing it. However, we also feel that most of those who push for an opt-in-only regime have very little understanding of the incredibly negative impact it would have on the future use of e-mail as a marketing tool.'' The DMA continues to indulge in its fantasy of cyberspace as a world of free paper, free printing and postage-due delivery of solicitations, failing to realize that if it had its way, consumers would rebel or flee. Opt-in is the right policy for marketing by e-mail, and is consistent with successful legislation on marketing by fax. As in the TCPA, the definition of a commercial message should of course be carefully limited to avoid any impact on non-commercial speech, such as speech about religion or politics. The opt-in approach taken in the TCPA for faxes, cellphones and 800 numbers has as its basis the fact that the recipient may incur costs for receiving the unsolicited message. This is also the case for spam, so the opt-in criterion is therefore equally appropriate. The fact that in some situations recipients appear to incur negligible incremental costs from a specific spam does not change the fundamental fact that spam is postage-due marketing. The TCPA's prohibition against telemarketing calls to cellular telephones is not qualified any exemption for situations such as when the carrier offers the first incoming minute free or where the subscriber has excess minutes available for the particular month. That would be as silly as a spam law that said that people whose Internet service plans include unlimited hours are disqualified from monetary damages. Nor is there any exemption in the TCPA for fax-modems where no paper is consumed, a situation closely resembling junk e-mail. Despite the fact that a spam recipient often cannot produce a specific line item from a bill relating to the spam, costs are being incurred by individuals, as well as being diffused among consumers. Of course in many situations the cost can be quantified, such as on certain usage- based tariffs, or when dialing up from a hotel room. In some cases these direct costs exceed the cost of paper for a junk fax or 15 seconds on an 800 number. Furthermore, spam imposes a hidden tax on all Internet users by increasing network capacity requirements and requiring additional administrative costs at ISPs. I estimate this cost at around one dollar per month for the average subscriber, and billions of dollars per year including institutional buyers of network services. Because ISPs absorb this as a cost of doing business, this expense is not visible to individual consumers, but it is certainly passed on to them. An opt-in policy would reduce this spam-subsidizing tax, lower the cost of Internet access, and stimulate demand for Internet services and e- commerce. A opt-out policy that allows each spammers one free spam is like permitting shoplifters to steal items until each store requests that they cease thieving. It imposes unfair burdens: in both cases, even people who are not directly victimized incur costs through higher prices. More than a million businesses have Internet access; if even 10 percent of them sent a single message to half of online U.S. households over a period of 5 years, the American homes would receive an average of 27 spams per day. The opt-out model is simply inappropriate and unsustainable for the Internet. If opt-out spam were to prevail, e- mail, the killer application of the Internet, would become the application that killed the Internet. Consider an excerpt from an actual spam and imagine the reaction of a constituent in Alaska reading after downloading it via a toll call. (Of course, it's also important to remember that billions like it may have been sent to millions of people, so focusing on a single specimen is rather like examining a single dead grasshopper at a Senate hearing on locust plagues, but imagine your reaction multiplied to an appropriate scale.) Here is the spam: SEX SELLS!!! REALLY WORKS!!! ``Why Pay To Belong To An Adult Web Site When You Can Own Your Own For Less Than The Cost Of The Membership?'' ``Anyone With An Internet Connection Can Own An Adult Web Site For Less Than The Cost Of Their Next Dinner!'' ``No Experience Required! Anyone Can Sell Sex Online In Just Minutes!'' [extraneous detail deleted] This message is sent in compliance of the new e-mail bill: Section 301. Per Section 301, Paragraph (a)(2)(C) of S. 1618, http:// www.senate.gov/\murkowski/commercialemail/ Claims of compliance such as the one at the end of this spam have become all to familiar to Internet users, and have been examined in the Wall Street Journal. A key goal of spammers is to gain an appearance of legitimacy, and many have turned to boasting their compliance even with bills that never became law. Some bills from the current congress may already have been used in this manner. The sponsors of these bills may want to consider how they will respond to irate voters who click through to their congressional web sites. When you receive a letter from a constituent angered by the solicitation sent to her teenage son to become a pornographer from the comfort of his own bedroom, how will you answer her question ``Is this junk e-mail really obeying your law?'' The answer will depend on the kind of bill you pass. As S. 630 stands, you would have to answer something like this: ``Yes. Every spammer can send you at least one spam, and it's up to you to tell each separate spammer to stop. If they don't, you can't do anything about it yourself, you have to hope that a government agency will do something for you.'' Is that answer likely to please your constituents? A better answer, which you could give if you pass an amended or different bill, would be ``The spammer is lying. My bill made spamming illegal, and it gives you the right to sue the spammer if they break the law.'' Of course spammers are less likely to draw the attention of their victims to such a law. But if you pass a weak spam bill, the bill number and your name will surely be cited in vast numbers of junk e- mails for years to come. So when you consider the key questions of opt- in vs opt-out and whether to include a private right of action, think of these two alternatives: Do you want your name to be remembered as the lawmaker who said ``spamming is wrong''? Or do you want it to become the name that launched a trillion spams? I appreciate the opportunity to speak before you today. Now I would be pleased to answer your questions. Senator Burns. Mr. Harris Pogust. Looks like a law firm to me. Mr. Pogust. That's correct, Mr. Chairman. Senator Burns. From New Jersey. Thank you for coming today. Thank you for joining us. STATEMENT OF HARRIS L. POGUST, ESQ., PARTNER, SHERMAN, SILVERSTEIN, KOHL, ROSE AND PODOLSKY Mr. Pogust. I am an attorney from Pennsauken, New Jersey. I work in a small firm which represents over 2000 small businesses in the Philadelphia and southern New Jersey area. Over the last several years, my practice has focused on technology-related issues. It is only because of the disturbing rise in spamming which has begun to cost my clients valuable time and expense that I have become involved with this issue. I am here today, Senators, representing those small business men and women who had suffered commercial loss and other economic damages as a result of the conduct of entities that transmit thousands upon thousands of junk e-mails on a daily basis. This junk mail clogs the Internet and takes up valuable space on my clients' computer systems. Takes up valuable employee time and costs my clients hundreds and in some instances thousands of dollars a year in unnecessary and unwanted expenses. As the Internet has grown, the problem of unsolicited e- mail has increased to the point of where it has become an intolerable burden on my clients, as well as myself. I commend you for identifying this issue as an important concern for the Subcommittee's oversight agenda, yet this is not the first time that Congress has had to address the problem associated with the introduction of new technologies in the workplace. Ten years ago when fax machines first became increasingly prevalent in the offices across the country and on Capitol Hill, Congress enacted the Telephone Consumer Protection Act in response to the overwhelming volume of unsolicited faxes being sent. The TCPA prohibits any person from using any telephone, fax machine, computer or other device to send an unsolicited advertisement to a telephone fax machine. Among other provisions, the law provides a private right of action and there is a broad consensus that the TCPA has certainly curtailed the volume of junk faxes received in this country. In spite of some predictions to the contrary, when this piece of legislation became law, it did not result in a proliferation of litigation. What did occur was that millions of unwanted junk faxes were no longer being sent as the deterrent effect of a private right of action took hold. The concerns addressed in the TCPA are the identical concerns that S. 630 is seeking to address. The TCPA has saved businesses millions of dollars in unwanted overhead expenses and has been a valuable tool in fighting unwanted faxes by allowing a private right of action for damages, as well as injunctive relief. The threat of possible litigation in and of itself has clearly been a deterrent to those whom have thought about violating the junk fax law. While I applaud this Subcommittee's effort to attempt to curb this latest abuse of technology, spam, there is one aspect of the bill that I, along with others, would like to see changed. I am concerned that this bill does not provide a private right of action for many small businesses and individuals who have faced lost time or money due to these unsolicited e-mails filling their in boxes. While I believe Congress must approach this issue in a balanced fashion and I support the comprehensive enforcement measures already proposed in S. 630, I also believe that there will be some cases in which an individual or business must directly seek recovery to address the economic harm they have suffered. The largest Internet service provider, AOL, has estimated that 30 percent of its e-mail is spam. What is the effect of this abuse on the Internet? One result is the system-wide drag on the entire information highway costing the users the most valuable asset they have, their time. Another result is the millions of dollars citizens are collectively paying to their Internet service provider for the increased usage time that is required to read and delete these unwanted e-mails. Unfortunately, under the proposed legislation, there is no way for these businesses and individuals to recoup the money that they have lost and continue to lose related to spam. It is my hope that with further consideration the Subcommittee will provide such a remedy as was done in the case of the TCPA. It may be that on first impression one might surmise that the ISPs are the ones that are most damaged by junk e-mails. They suffer the increased expense in trying to filter out these unwanted e-mails and are required to spend money to provide additional bandwidth to provide optimal service to their end users. But these ISPs already have a way to recoup these additional expenses. They charge their end users. This is exactly what many of the ISPs have done. Netcom Online communications services, a mid-sized Internet service provider, has stated that a conservative estimate of the cost to our customers to support spam is approximately 10 percent of their monthly bill. Customers also pay fees to the ISPs for the additional connect time, as Senator Burns stated in his statement. It is a long distance phone call and the additional time costs the consumer money. Pursuant to S. 630, the ISPs are not only permitted to recoup their additional expenses from the end users, but they are also entitled to sue the entity which sent the unwanted e- mails. Yet what incentive would the ISP have to spend potentially hundreds of thousands of dollars in legal expenses to go after the spammer when they can just charge the end users for this additional cost of doing business? Who is left holding the bag and paying for the millions of dollars in damages which spamming causes? My business clients and the millions of other citizens throughout the country who use the Internet. What recourse did they have for footing this bill? I think the answer is none. The question I have is why? If the concern is that every Internet user will race to the courthouse and file suit against a spammer, such a concern is misplaced. As noted above, the TCPA resulted in a significant reduction in the number of junk e-mails sent without a rush to the courts. Moreover, the Act only provides for recovery of actual damages suffered unless egregious conduct is involved. In May of last year, Senator Lieberman stated spam undermines the viability of the Internet by burdening service providers who are forced to pass on the cost of funding spam to consumers. Our objective is not to strangle the Internet with government regulation or ban spam outright. Rather, we simply set out to give individuals control of their own e-mail accounts and to address the cost shifting problem brought by the proliferation of spam. In this situation, it is critical that consumers be allowed to recover their full actual damages, whether that is the cost to replace a computer, a computer program that has been damaged as a result of excessive spamming or lost earnings resulting from clogged e-mail systems. These are concrete improvable damages. They are not speculative in the least. Since it is impossible for Congress to predict the full range of possible damages suffered by consumers and small businesses, these damages should not be limited and just as in the TCPA to deter egregious behavior, the bill should also include some type of financial penalty for violations of this anti-spam bill. Without such a penalty, the entity sending these unsolicited e-mails might determine that it is financially worthwhile it continue to violate the law so long as they do not reach a volume likely to damage most computers or software. Mr. Chairman, Senator Wyden, thank you again for allowing me to testify here today. I salute your consideration of this important issue and hope it will be possible to ensure that businesses and individual users of the Internet are not made to suffer economic harm without fair and balanced redress. I would be happy to answer any questions you may have. Senator Burns. Thank you and we appreciate your testimony today. [The prepared statement of Mr. Pogust follows:] Prepared Statement of Harris L. Pogust, ESQ., Partner, Sherman, Silverstein, Kohl, Rose and Podolsky Chairman Burns, Senator Hollings and distinguished Senators, it is an honor to appear before you here today. My name is Harris Pogust, and I am an attorney from Pennsauken, New Jersey. I work at a small firm which represents over 2,000 small businesses in the Philadelphia and Southern New Jersey areas. Over the last several years my practice has focused on technology-related issues. It is only because of the disturbing rise in spamming, which has begun to cost my clients valuable time and expense, that I have become involved with this issue. I am here today, Senators, representing those small businessmen and women who have suffered commercial loss and other economic damages as a result of the conduct of entities that transmit thousands upon thousands of junk e-mails on a daily basis. This junk mail clogs the Internet and takes up valuable space on my clients' computer systems, takes up valuable employee time, and costs my clients hundreds, and in some instances thousands of dollars a year in unnecessary and unwanted expenses. As the Internet has grown, the problem of unsolicited e-mails has increased to the point of where it has become an intolerable burden on my clients as well as myself. I commend you for identifying this issue as an important concern for this Subcommittee's oversight agenda. This is not the first time Congress has had to address the problems associated with the introduction of new technologies in the workplace. Ten years ago, when fax machines first became increasingly prevalent in offices across the country, and on Capitol Hill, Congress enacted the Telephone Consumer Protection Act (``TCPA'') (47 U.S.C. Sec. 227) in response to the overwhelming volume of unsolicited faxes being sent. At that time, Congress decided to draw the line and let the senders of these unwanted faxes (in the form of solicitations and other questionable promotions) know that they could not continue their intrusive practices, which were clogging fax lines and wasting costly paper and employee time at small and large businesses alike. The TCPA prohibits any person from using any telephone fax machine, computer or other device to send an unsolicited advertisement to a telephone fax machine. Among other provisions, the law provides a private right of action and there is broad consensus that the TCPA has certainly curtailed the volume of junk faxes received in this country. In spite of some predictions to the contrary, when this piece of legislation became law, it did not result in a proliferation of litigation. What did occur was that millions of unwanted junk faxes were no longer being sent as the deterrence effect of a private right of action took hold. The concerns addressed in the TCPA are the identical concerns that this legislation is seeking to address. The TCPA has saved businesses millions of dollars in unwanted overhead expenses and has been a valuable tool in fighting unwanted faxes by allowing a private right of action for damages and injunctive relief. The threat of possible litigation in and of itself has clearly been a deterrent to those who may have thought about violating the junk fax law. The TCPA allows any person to bring suit in state court to enjoin a violation of the Act and to recover their actual monetary losses from such violations or they may seek a $500.00 penalty for each violation, whichever is greater. Additionally, the courts are authorized to award treble damages for egregious conduct--that is, where there are willful or knowing violations. Unfortunately, the pending legislation provides no such remedy to small businesses and individuals that suffer actual commercial consequences from junk e-mails filling their online mailboxes. While I applaud this Subcommittee's efforts to attempt to curb this latest abuse of technology--spam--there is one aspect of this bill that I, along with others, would like to see changed. I am concerned that this bill does not provide a private right of action for the many small businesses and individuals who have faced lost time or money due to these unsolicited e-mails filling their inboxes. While I believe Congress must approach this issue in a balanced fashion--and I support the comprehensive enforcement measures already proposed in S. 630--I also believe that there will be some cases in which an individual or business must directly seek recovery to address the economic harm they have suffered. The largest Internet service provider, America Online, has estimated that 30 percent of its e-mail is spam. America Online has stated that it was receiving 1.8 million spams per day from one company called Cyber Promotions. This continued until AOL obtained an injunction to stop this practice. Assuming that it takes the normal user 10 seconds to identify and discard a message, the end user was required to pay for 5,000 hours per day of connect time. What is the effect of this abuse of the Internet? One result is the system-wide drag on the entire information highway costing users the most valuable asset they have--their time. Another result is the millions of dollars citizens are collectively paying to their Internet service providers for the increased usage time that is required to read and delete these unwanted e-mails. Unfortunately, under the proposed legislation, there is no way for these businesses and individuals to recoup the money they have lost and continue to lose related to spam. My hope is that, with further consideration, the Subcommittee will provide such a remedy, as was done in the case of the TCPA. It may be that, on first impression, one might surmise that the JSPs are the ones that are most damaged by junk e-mails. They suffer the increased expense in trying to filter out these unwanted e-mails, and are required to spend money to provide additional bandwidth to ensure optimal service to their end users. But, these ISPs already have a way to recoup these additional expenses: charge their end users. This is exactly what many of the ISPs have done. Netcom On-Line Communication Services, a mid-sized Internet service provider, has stated that: ``A conservative estimate of the cost to our customers to support spam is approximately 10 percent of their monthly bill.'' Pursuant to 8.630, the ISPs are not only permitted to recoup their additional expenses from the end user, but they will also be able to sue the entity which sent the unwanted e-mails. Yet, what incentive will the ISPs have to spend potentially hundreds of thousands of dollars in legal expenses to go after the spammer when they can just charge their end users for this additional cost of doing business? Who is left holding the bag and paying for the millions of dollars in damages which spamming causes? My business clients and the millions of other citizens throughout the country who use the Internet. What recourse do they have for footing this bill? None. The one question I have is: ``Why''? If the concern is that every Internet user will race to the courthouse and file suit against spammers, such a concern is misplaced. As noted above, the TCPA resulted in a significant reduction in the number of junk e-mails sent, without a rush to the courts. Moreover, that Act only provides for recovery of actual damages suffered unless egregious conduct is involved. In May of last year, Senator Lieberman stated that: ``Spam undermines the viability of the Internet by burdening service providers who are forced to pass on the costs of fighting spam to consumers. Our objective is not to strangle the Internet with government regulation or to ban spam outright. Rather, we simply set out to give individuals control of their own e-mail accounts and to address the cost-shifting problems wrought by the proliferation of spam.'' In this situation, as well, it is critical that consumers be allowed to recover their full actual damages--whether that is the costs to replace a computer or computer program that has been damaged as a result of excessive spamming, or lost earnings resulting from a clogged e-mail system. These are ``concrete'' and ``provable'' damages--and not speculative in the least. Since it is impossible for Congress to predict the full range of possible damages suffered by consumers and small businesses, these damages should not be limited. And just as in the TCPA, to deter this egregious behavior, this bill should also continue to include some type of financial penalty for violations of this anti-spam bill. Without such a penalty, the entities sending these unsolicited e-mails might determine it is financially worthwhile to continue to violate the law, so long as they do not reach a volume likely to damage most computers or software. Mr. Chairman and Senator Hollings, thank you again for allowing me to testify here today. I salute your consideration of this important issue and hope it will be possible to ensure that business and individual users of the Internet are not made to suffer economic harm without fair and balanced redress. I would be happy to answer any questions that you may have. Senator Burns. And now we will hear from Mr. David McClure, President and CEO of U.S. Internet Industry Association here in town. STATEMENT OF DAVID P. McCLURE, PRESIDENT/CEO, U.S. INTERNET INDUSTRY ASSOCIATION Mr. McClure. Chairman Burns, Senator Wyden, it is a pleasure to be here to discuss with you the subject of unsolicited commercial e-mail and to express the support of our members for S. 630, the CAN-spam Act. I am especially pleased to note that this legislation is the product of two of the most respected technology legislators in the Senate today, yourself and Senator Wyden. We know from our work with you in previous issues that this has always resulted in the creation of well crafted and sensible Internet policy. My name is David McClure. I am President of the U.S. Internet Industry Association, and we are the largest and oldest trade association representing Internet commerce, content and connectivity. For the past 3 years, much of our effort has been taken up with the subject of UCE. In a white paper authored by Jim Butler and Andrew Flake, we outlined the problems that we encountered when we attempted to craft a legislative solution to spam and also the type of legislation that we believe is going to help bring relief to the situation. I don't need to tell you how serious the problem of spam is. Congress already knows this. The Congressional Management Foundation this month released a report that said last year, Congress received 80 million pieces of e-mail, most of it unsolicited bulk e-mail. That is double the previous year. Nonetheless, while I don't need to tell you how serious the problem is, I think we do need to discuss the problems inherent in a legislative solution, and there are really two that we need to address up front. The first is that in terms of sending a single piece of unsolicited commerce e-mail, there is nothing really illegal in the Act, and we may well have some constitutional considerations in attempting to flatly ban it. The second is more interesting in that we really can't define what it is that we are talking about when we say unsolicited commercial e-mail. We think we know what the term ``e-mail'' means, based on today's technology. It will change. I am not certain that we can satisfactorily define what ``unsolicited'' means or even what ``commercial'' means. And a couple of quick examples. Does it mean that Girl Scouts who send out notices to their friends and neighbors of cookies for sale should be sent to jail? Does it mean perhaps that when the Red Cross sends an emergency notice of a need for O positive blood that they are in violation of the law? These are very difficult, difficult questions to answer, and we have struggled with them for 3 years. Nonetheless, in the absence of a legislative solution, without the guidance of the law, we are left in a very difficult situation in which abuses do take place in which trade associations have their electronic newsletters to members routinely blocked, in which members who provide services--and this was referred to in the financial services industry--that they are required under contract and under law to provide, can find those communications blocked in the absence of any guidance. More problematical from our standpoint are the actions of some black listers whose policies have in the past been somewhat arbitrary and have resulted in people being literally blocked from any kind of e-commerce. Good legislation is going to resolve that. In our white paper, we identified what we considered to be four important things the legislation must do. First, it has to let the marketplace do its job. The greatest problem with UCE from our perspective is that it damages the network through its sheer bulk and its timing, but these are mechanical problems that can be resolved. And we believe that these are economic situations that can be resolved, and the market will eventually move to the kind of fee-based process that will resolve the damage to the networks. Once that happens, we expect to see-- when e-mail is no longer free for bulk mailers--we will expect to see the volume decline. Second, let's crack down on fraud. It is estimated that over 90 percent of spam is fraudulent. There is no excuse for this. We have laws and we'll have now a stronger national bill that requires people to identify who they are, where they come from, to use real header information and real subject information. There are always going to be people who will not obey the law. Let's turn the cold light of daylight on every commercial message and woe be to the wicked. I believe that those people who do not obey this law should be punished without mercy. Third, support the acceptable use policies of ISPs. These are well crafted policies. They are contracts that need to be supported, and when that happens, we believe that you'll see ISPs segregate themselves. Some will aggressively filter out all bulk e-mail and their terms of use, their acceptable use policies will notify consumers that that is what they wish to do. Consumers then will have the choice of whether they wish to use this or another ISP. Finally, help marketers understand the word no. One of the problems with direct marketing is that in spite of the very best and well intentioned of legitimate marketers, there is always somebody who doesn't know the meaning of the word no. Opt-out should be simple, pervasive, and permanent. Mr. Chairman, Senator Wyden, we are delighted to see that you have crafted legislation that meets all four of these points, and we believe that it is very important for the Committee now to pass this legislation on to the floor of the Senate to get it passed and move on to the House and put this legislation into effect. We don't believe that it needs extensive rewriting. It doesn't require good-faith exemptions or private rights of action or other major amendments. It needs only the support of this Committee and of the Senate. Thank you. [The prepared statement of Mr. McClure follows:] Prepared Statement of David P. McClure, President/CEO, U.S. Internet Industry Association Chairman Burns, and Members of the Communications Subcommittee, It is my great honor to be invited to testify before you on the subject of Unsolicited Commercial Electronic Mail, and to express the support of our members for S. 630, the ``CAN-spam Act.'' I am particularly pleased to note that this legislation is the product of two of the most respected technology legislators in the United States today, Senator Conrad Burns and Senator Ron Wyden. Our work with these distinguished Members of the Senate on other issues has always resulted in the creation of well crafted and effective Internet legislation. My name is David McClure, and I am President of the U.S. Internet Industry Association, the oldest and largest trade association representing stakeholders in the Internet industry. USIIA was founded by leading companies in the online services industry to represent the interests of individuals and companies that do business on the Internet. Our diversified membership includes Internet service providers from global and national ISPs to small providers serving remote areas nationwide; Internet backbone companies, telephone companies; hardware and software vendors involved in the technologies of the Internet; electronic commerce sites, and service providers to those sites. Our charter is to promote the growth of electronic commerce, content and connectivity through sound public policy and business support. The issue of SPAM For the past 3 years, much of our effort in public policy has focused on the issue of unsolicited commercial electronic mail. In a white paper authored by Jim Butler and Andrew Flake, we outlined the problems encountered in efforts to stop Spam with a legislative solution, and the scope of legislation that we believe will help bring relief. I do not need to tell you how serious the problem of Spam is today. According to a report by the Congressional Management Foundation, the Congress itself suffered from more than 80 million pieces of electronic mail last year, the majority of those being unsolicited bulk mailings that interfered with the operations of Congressional offices and caused real damage to the communications capabilities of this body. A Gartner survey released last week found that on average an employee spends 49 minutes of each work day simply managing e-mail. That is 10 percent of the workday for every employee in every office in America. In spite of this, and in spite of our personal experiences, and the outcry from consumers and their advocates here today, efforts to legislation against unsolicited commercial e-mail suffer from two problems. 1. There is nothing illegal about sending UCE, and it may in fact be largely protected by the First Amendment; and 2. We don't know exactly what the term ``unsolicited commercial e- mail'' means. Certainly, we think we know what ``e-mail'' is--though advancing technology may render even our belief obsolete. I can assure you that we are unable to determine exactly what ``commercial'' should mean in this context, or ``unsolicited,'' either. Does it mean that girl scouts who send notices to their neighbors at cookie time should face jail time? Should the American Red Cross be punished for soliciting emergency donations of O-positive blood? We in this room would all agree that these are not the intent of the law. We, after all, only wish to stop the ``bad spam.'' But I can assure this Committee that even in the absence of such laws, anti-spam efforts are abused every day, causing irreparable damage to legitimate businesses. These include trade associations whose newsletters to their own members are routinely blocked by Spam filters. They include one of our member companies that gives more than one million consumers advance warning of viruses and security threats--but find themselves open to liability suits because those warnings are blocked in the name of preventing Spam. Self-appointed spam blacklisters do not even wait until Spam is sent--they will blacklist your domain, and all of its customers, if they believe that at some future point your service might possibly be used to send Spam. It is vigilante law at its worst. Solutions What then, can this Committee do? Must we abandon all efforts to stop unsolicited commercial e-mail in order to protect the First Amendment? Or must we accept the inefficiency and abuses inherent in efforts to stop any message that any person doesn't wish to read? In short, do we see efforts at a legislative solution fail, as they have for the past 3 years, because we cannot agree on a solution? No. In our white paper of 3 years ago, our association outlined the steps that would provide legislative relief without stumbling over the legitimate rights of communicators or corporations. There are four steps that I would re-state today: Let the marketplace do its job. The greatest problem with UCE from an infrastructure standpoint is that it damages the network through its sheer bulk and poor timing. These are both, though, economic issues. Marketers who want to send their messages through an ISP's servers should pay for the privilege. This is a contractual issue that the market is quite capable of managing. And frankly, once e-mail is no longer free and easy to send, its volume will decrease substantially. Crack down on fraud. It is estimated that over 90 percent of SPAM today is fraudulent. There is no excuse for this. We should have laws that force mailers to identify themselves, using real e-mail addresses, real header information and real contact information whenever they send a solicitation. Shine the daylight on every commercial message, and woe be to the wicked. Punish the lawbreakers without mercy. Support the acceptable-use policies of ISPs. Some ISPs will aggressively filter commercial messages as a service to their subscribers, and those subscribers who desire this service will flock to those ISPs. Others may choose not to block the information, and subscribers will receive what they wish. That is how an open, competitive market works, and the desires of all consumers can be met in this manner. Help marketers understand the word, ``No.'' One of the problems with direct marketing is that in spite of the very best and well-intentioned efforts of legitimate marketers, there is always someone who can't understand the word. Opt-out should be simple, pervasive and permanent. Conclusion Mr. Chairman, and Members of the Subcommittee, I could ask you to craft the kind of legislation that would cover these four points. But that work is already done. In S. 630, we have a very good piece of legislation that will reduce unwanted commercial e-mail and resolve the outstanding legal issues, while still supporting consumer choice and the rights of service providers to run their businesses. We are here today to ask that you give your support to S. 630 as it is today. It does not require re-writing--the industry has had ample time to give input to its authors. It does not require ``good faith'' exemptions, or private rights of action, or any other major amendment. It needs only your support. Mr. Chairman, on behalf of USIIA and its members, and of the Internet community at large, thank you for the opportunity to express our views on this issue. I would be honored to answer any questions you might have at this time. ______ The Effective Control of Unsolicited Commercial E-mail An Internet Policy White Paper By James W. Butler, III and Andrew Flake Introduction As commonly used, the pejorative ``spam'' refers to bulk electronic mailings of a commercial character, and the practice of ``spamming'' is positioned squarely at the center of contemporary debate over the Internet's commercial development, Internet etiquette and individual privacy. For Internet service providers (``ISPs'') especially, the bandwidth commandeered by spamming and the resultant slowdowns in service represent an infrastructure expense of increasing dimensions. At the same time, the law of the Internet remains in some disarray, although courts and even some states have taken initial stabs at regulating spam. This White Paper presents a discussion of the problems inherent in direct electronic marketing from the perspective of both consumers and of the online community and concludes with modest recommendations for salient legislative initiatives. Historical Overview Spam is only one of a host of new legal issues that have arisen around electronic mail, and the term itself has had several incarnations in the online and Internet communities. During the Internet's pre-commercial days, amid the perception of the need to minimize utilization of servers and message traffic to conserve acaUCEic and research resources, ``spamming'' referred to the act of posting an individual message to numerous UseNet Newsgroups. The exact path by which it did so is not known, but at some point the earlier, rather clean definition of ``spam'' evolved to encompass commercial or marketing messages as well. One of the more critical events in the term's migration came with the infamous postings of an attorney who initiated a massive e-mailing in the hopes of soliciting green-card business among immigrants. His multi-posting efforts gained him the permanent enmity of Internet and UseNet users, as did his unwillingness to cease the effort once informed of his breach of Internet manners, or ``Netiquette.'' That violation occurred simultaneously with explosive growth of Internet use among consumers: as they poured onto the Internet in 1994-1996, the sheer number of new users overwhelmed the online community and made the maintenance of the tightly-integrated Internet culture virtually impossible. Despite very strong efforts by experienced Internet users to maintain their traditions and definitions, the communication became garbled, and two Internet conventions (one barring messages with commercial content, the other barring multi-posting of messages) were generally commingled into the general heading ``spam.'' The Terminology of Electronic Messaging Whatever its traditional definitions and usage, the term ``spam'' may today be taken or mistakenly referred to as any one of the following sorts of messages: a message with commercial or marketing content; one that the recipient does not wish to receive, or which is unsolicited; one that the recipient has not specifically authorized in advance of its transmission; or, a message posted multiple times to a single or multiple newsgroups. Accepting the Internet's transition into a commercial entity in which some forms of marketing and sales messages will be accepted and essential, imprecise definitions are counterproductive and serve to limit the development of electronic commerce. Although it is not the intent of this White Paper to alter Internet culture or common usage of terminology, the confusion and imprecision associated with the word ``spam,'' suggest that a more precise labeling would be beneficial. This White Paper will use the term Unsolicited Commercial Electronic mail (``UCE'') to describe the process of directing a commercial message via electronic mail to a selected group of recipients. Scope of the Problem Measured by volume of use, electronic mail is fast approaching more traditional means of communication, including letter-writing and telephone communications. Though abuse of the UseNet messaging system on the Internet is both rampant and detrimental, the current controversy over electronic communication more frequently centers on unsolicited commercial e-mail. UCE is a problem for the Internet, for five reasons: It is inefficient. Presently, with no controls or costs attached to UCE, it is as cost-effective to drop one million pieces of UCE onto an ISP as it is to drop one--though the costs to the ISP are substantial. No production cost is involved in the creation of e-mail intended for UCE distribution--no brochures, artwork, printing or other mechanical costs. In effect, unchecked UCE is a ``free ride'' for marketers and provides them with a disincentive to research, focus or target the list of recipients to insure interest in the products or services presented. It disrupts service. A major mechanical drawback with UCE is that it arrives on the Internet without notice. It slows service for other users, often during peak use hours. In some cases, it has caused wholesale failures of Internet networks. This disruption is frequently aggravated by the fraudulent use of incorrect or non-existent return addresses, which causes the outraged responses of recipients to bounce across the network multiple times as the system attempts to deliver messages that cannot be delivered. It is frequently fraudulent. An Internet culture protective of user anonymity has the unfortunate side effect of creating an environment in which unscrupulous purveyors of UCE can operate. Messages are sent directly to an electronic mailbox, and marketers need not provide information, e.g., business name, physical address, telephone and fax numbers, that would enable consumers to assess the validity of companies. Without greater certainty about company legitimacy, Internet consumers quite rationally become wary of even legitimate marketers. These concerns have contributed to decisions by ISPs to seek judicial protection. There is no effective ``opt-out'' procedure. In the offline world, marketers operate a system that enables consumers to remove themselves from direct marketing lists. While the system is not completely effective, it does exist. In the online world, no such system exists, although numerous efforts to create one have been undertaken. There is no compensation for service. In the offline world, direct marketing subsidizes the U.S. Postal Service and/or telephone companies, effectively paying for itself. In the online world, UCE currently benefits only the originator of the message and does not pay for the burdens it places on the system. UCE provides very little value, e.g., convenient shopping, entertainment value, or consumer information, and Internet service providers bear the brunt of the resource outlay for the infrastructure that enables UCE. Realistically, a mechanism that shares the economic burdens of UCE will more closely mirror the offline world, and will produce stronger efficiencies in the way UCE is handled on the networks. A ``pay as you go'' system would compensate the ISP's who provide the on-and-off ramps for the UCE traffic. Combating the Growth of UCE In recent years, significant progress has been made toward understanding and dealing with the problems associated with UCE. Sanford Wallace, the self-proclaimed ``king'' of the UCE business, stepped down and joined the ranks of those opposing unchecked direct electronic marketing. Major Internet providers such as Earthlink and AOL successfully secured court orders against perpetrators of unwanted UCE. Nonetheless, the current legal situation remains far from clear, and debate rages on among those impacted by and involved with Internet service provision. On one side are individual consumers who do not wish to have their time wasted by having to open and read the first few lines of countless messages in which they have no interest. ISP customers who fall into this group are supported by consumer advocacy groups, as well as by those whose loyalty to the old Internet culture of non-commercialism eschews marketing of any sort. On the other side are the marketers, who believe that they have a clear right to communicate with current and potential customers, regardless of legal trends to the contrary. These marketers are supported by customers who wish to have product and service information, as well as by the Direct Marketing Association and its legion progeny, who fought for similar rights in the use of the mails and in direct telephone solicitation. Individual ISPs straddle the line and await some clear resolution while attempting to cope with UCE's associated costs--these are the online and Internet services that suffer both the wear on their systems from dumping of UCE messages, along with the wrath of the subscribers incensed over wasted time and service slow-downs. These service providers seek additional sources of revenue to keep costs competitive as their business grows, but fear the network damage and other consequences of opening their systems to unwanted UCE. Unsuccessful Initiatives While the two camps (and the companies and individuals stuck in the middle) have generated significant public dialogue, attempts to deal with the very real and escalating problems of UCE have been only partially successful, and generally only in the event that the originator of the UCE can be identified. Initiatives that have proven unsuccessful include: Attempts to claim ownership of the electronic mailbox. Unlike the offline world, where the U.S. Postal Service rather than the consumer owns the mail box, the online industry assumes that each individual owns his or her e-mail box. Although such ownership has not been legally established, the constitutionality of so-called ``receiver restrictions,'' in which consumers are given the right to refuse certain mailings, has been upheld. ``Right to privacy'' claims. There is a perceived ``right'' of consumers to not have to view anything they elect not to view, although no case law substantiates this position. By the same token, however, constitutional free speech does not mean that an individual is obligated to view particular subject matter. Extension of laws prohibiting marketing via facsimile. See, e.g., ``Netizens Protection Act of 1997,'' H.R. 1748, 105th Cong., 1st Sess. (1997). Although the laws that were used to prohibit direct marketing via fax automatically are sometimes believed to extend to electronic mail, this concept overlooks some very fundamental differences in the two systems. For one, fax machines use expensive resources, where electronic mail normally does not, and efforts to build a case based on the time wasted in reading unwanted e-mail have largely been countered by advances in message preview technology and by the move to flat-rate rather than per-minute pricing for Internet and online services. An ``opt-in'' solution, no matter how desirable, may be impractical. Much of the discussion of consumer rights to date has focused on whether UCE should be sent only to those who have specifically requested communications--an ``opt-in only'' solution. This approach, however, would severely limit communication with persons who have not given advance written consent. An ``opt-out'' solution needs strong enforcement mechanisms. The ability of consumers to quickly and easily ``opt-out'' of receiving UCE, will only work if there is a sufficient incentive to keep the opt-out list well-maintained, well- promoted and easily accessible by consumers. Efforts to delineate UCE based on the content of the messages has proven impractical. For example, even the most liberal definitions of ``commercial'' e-mail would prevent announcement to parents of what an elementary school is serving for lunch, since this would clearly be an advertisement of a product for sale. Use of mandatory ``header'' information is counter- productive. Many suggestions have been made regarding an identifying mark or phrase that could be placed in the subject line or at the head of any commercial message, thus allowing e- mail filters to more easily identify and eliminate UCE. While this idea is appealing, it suffers from the definitional problems because filtering systems, at their current level of sophistication, cannot differentiate between UCE and otherwise valid customer mailings. Attempting to have any body, organization or regulation define exceptions to the rule would be unwieldy, and use of extensive identifying information in the first lines of the message would render useless the preview screen technology used by many consumers to rapidly screen messages and their content. Use of a ``pre-existing relationship'' test may not be sufficient. It has been assumed by many in the online community that such a test may be implemented in the near future, under which electronic mailings would be permitted to those customers and other groups with whom the mailer has a ``pre-existing relationship.'' This assumption, however, has led virtually every business that has a web site or advertises via electronic mail to scramble to collect personal information about users as a hedge to show such a relationship. The rampant collection of data in order to prove the relationship has created another crisis in the area of privacy, as was noted by the Federal Trade Commission in its efforts to enforce Internet privacy guidelines. Developing A Framework To merely legislate or regulate UCE out of existence is neither Constitutional nor necessary. Though not yet tested, even unsolicited commercial messages would be subject to constitutional protections if Congress acted to prohibit their dissemination. Such restrictions are better left to Internet service providers, which as private actors may ban distribution of UCE messages on their networks. Still, the industry's efforts with respect to UCE have so far proved only moderately successful. From these efforts, however, has emerged a sense of a viable framework to address its inherent problems. Fraud Prevention Legislation. The extension of regulations and legislation related to fraud to UCE. The trend at the state level is clearly toward regulating the practice of UCE. State legislation, however, must be carefully drafted to avoid constitutional challenge, as the experience of Georgia's UCE fraud statute indicates. Measured Common Law Development. Recognition by the courts that UCE as presently practiced creates a strong adverse impact on the Internet. Specifically, the channeling of hundreds of thousands of pieces of electronic mail through an Internet system at a single time significantly degrades the performance of the network and interferes with other forms of Internet access and communications. Continued Industry Initiatives. The growth of filtering technology for electronic mail. While still crude and relatively ineffective for the larger body of electronic messages, filtering technology has assisted ISPs in taking the first steps toward empowering consumers to automatically reject unwanted solicitations. Any proposed framework will at best be preliminary, with additional time and consideration required for its full effectiveness, but reasoning from the current experience of the online industry, it is certain that the following will be factors in any consistent legislative approach to UCE: The first step is to eliminate fraudulent mailings. The most critical elements of a framework for control of UCE will be unsuccessful if unscrupulous operators are able to flaunt the rules with impunity. At a minimum, electronic mailers should be required to divulge their real identities and return addresses, as well as compliance with other consumer protections laws as appropriate. Although a number of ISPs have imposed guidelines prohibiting the use of their services for the sending of UCE messages, such efforts are far from universal, and the individual policies of an ISP provide no protection against external sources of UCE. The solution must include relief for stress on the networks. Consumer irritation aside, the damage done to the Internet by UCE is very real, and its elimination of this damage must be a central consideration in proposed legislation. At the minimum, a requirement for contractual notification of the Internet service or provider prior to transmission of UCE should be put in place; the market would be best served, however, by an industry-wide financial arrangement, similar to the postage system, to compensate all carriers of the message traffic. A compensation system would have the additional benefit of providing a barrier to entry for unscrupulous spammers. The right of the states to impose more stringent consumer protections should be preserved. State and local laws have provided some of the strongest protections against abusive UCE to date, in part because they have more extensive protections available against business interference and detrimental business practices. The framework for the future should include some assurance that state and local considerations on behalf of Internet services and consumers not be preempted, to the extent that they are more solicitous of consumer interests than any federal statutory cause of action. Federal initiatives should provide a base level of protection for consumers and ISPs, to circumvent the possibility of inconsistent regulation of an entity, the Internet, that is not bounded by geography. Conclusion The continuing popularity of electronic mail (``e-mail'') as a medium of personal and business communication has brought in its wake a host of novel legal issues, among them the extent to which the practice of unsolicited commercial e-mail (``UCE'') may be limited. A compelling need to protect Internet users from unwanted, unnecessary and fraudulent commercial message traffic, as well to protect the infrastructure of the Internet from the problems created by massive postings of messages, either commercial or otherwise, has already seen some courts and state legislatures move to prohibit the practice in its various forms. This White Paper has set forth in summary fashion the historical and legal underpinnings of the debate over UCE, and its conclusion is that federal legislation should be enacted that would (1) provide a minimum of protection for consumers against fraudulent electronic mailings by marketers; and (2) promote a more reasonable allocation of the costs of legitimate UCE toward the direct marketers that are its source. Appendix A: USIIA Policies The U.S. Internet Industry Association opposes any action, program, system or endeavor that corrupts the legitimate use or integrity of the channels of electronic communication. This policy is explicitly stated in paragraph 7 the USIIA Code of Standards, which reads as follows: ``Members shall not knowingly create, acquire, distribute or allow intentional distribution of materials that violate the legitimate use or integrity of the channels of electronic communication, online services, computer systems or their contents.'' Consistent with this policy, USIIA does not support the practices of Multiposting of Messages or Off-Topic Posting of Messages. It is the belief of the Association that persons who deliberately engage in these practices should have their access to the UseNet and other online lists, discussion groups or message bases terminated. This policy is not intended to affect the legitimate act of Cross-Posting of Messages. Similarly, USIIA does not support or condone the communication of information that is deliberately misleading or fraudulent. This is stated in the USIIA Code: ``Members shall not knowingly disseminate false or misleading information and shall act promptly to correct erroneous communications for which he or she is responsible, or which originated from or resides on his or her system.'' USIIA Code of Professional Standards, #8. This section of the Code is interpreted to include messages in which an attempt is made to disguise the commercial nature of the message, those which are fraudulent, those which misrepresent the origination of the sender, and those which are violations of the law at the point of origination. Nothing within the Code, the Bylaws of the Association, its Mission Statement or the will of its members specifically prohibits or discourages the legitimate commercial uses of electronic mail or messaging. Senator Burns. Thank you, Mr. McClure. Senator Wyden. Thank you. Mr. Chairman, I think it is striking now. You and I have put an enormous amount of time into this issue now over the last Congress and this Congress and we thought we were going to get there at the end of the last session, and suffice it to say, I have got a number of questions I want to ask, but my biggest concern here is that we need to act, because people are tired of this. And to just go round and round the mulberry bush with everybody having their own difference just doesn't seem to me to be very constructive. I mean, I would say to Mr. Pogust you know since my days as director of the Gray Panthers, my background has been consumer law and consumer rights. I find it pretty hard to see a private right of action here for a handful of unsolicited e-mails, but to tell you the truth, I could see how you would differ. In other words, something reasonable people can differ on. The problem is that if we just go round and round on all of these, we are never going to get anything done in this Congress so what I want to do is ask just a couple of questions in hopes that we can get a bill here and actually signed into law. Do any of you think that the Burns-Wyden bill is not better than the status quo? Mr. Moore? Do you think that Burns-Wyden is better than the status quo? Mr. Moore. Absolutely. No question about it. Senator Wyden. Mr. Buckley? Mr. Buckley. Yes. Senator Wyden. Mr. Pogust? Mr. Pogust. Yes, but I believe it needs a little work. Senator Wyden. I am going to still just take the yes. Mr. Catlett. I think there is a risk it will worsen the problem rather than improve it, so I am sorry to say. Mr. Cerasale. Senator, yes. Senator Wyden. OK., so we got almost everybody saying that Burns-Wyden, even though we all have differences---- Senator Burns. One-and-one. That is better than all in one. Senator Wyden. All right. That is encouraging. Anybody think that you ought to be able to falsify headers? I can't believe that anybody is in favor of that? I will take that as a United Nations opinion. Everybody here, even though there are differences on the role of opt-out/opt-in thinks that opt-out is a useful pro- consumers principle? Mr. Catlett, you can take the floor. We recognize you are for opt-in and I understand that, but opt-out is better than nothing for the consumer, isn't it? Mr. Catlett. It is better than nothing in an individual case. However, if you apply broadly an opt-out policy, particularly if you preempt state law on this, you will actually increase the number of unwanted solicitations, most likely, so applied broadly, an opt-out policy with preemption may well make the problem worse. Senator Wyden. I am not going to belabor it. I think that is pretty far-fetched. To me, any way you slice it, when people are opting out, they are going to get fewer of those communications, but again, reasonable people can differ and let me just kind of keep going on this. For the DMA folks and Mr. McClure, any sense on what the Burns-Wyden bill would cost to comply with? I mean, we think that these are pretty modest costs, and they would be consistent with free enterprise, you know, principles. Do you all disagree with that? Mr. Cerasale. Not at all. As a matter of fact, our members, if someone says do not send me any more solicitations, they have to follow it already, so that I would say that this fits pretty tight within what our members already have to do. Mr. McClure. We are in agreement, sir. We don't see significant costs. We do, if I may quickly, address the issue that has been raised here repeatedly, and that is that somehow ISPs would not aggressively go after spammers because it costs too much money for them to sue. Certainly if it is going to cost them hundreds of thousands of dollars to sue, it would not cost much less for individual consumers to do so. We believe that ISPs have a very strong record of suing spammers when they have the law on their side. And therefore, we believe that this is a good bill for ISPs and it needs to be passed. We have gone 3 years, sir. It is time to get a bill passed. Senator Wyden. You are singing from my hymnal. Question for the financial services folks. I think you know, I think you all have raised legitimate concerns and to some extent they are not unlike what happened with the electronic signatures bill at the end because this is all new. I mean, if you sat around the Senate Commerce Committee 20 years ago, you never debated this kind of stuff. You were talking about an economy where people in Montana and Oregon were doing the physical movement of goods and you got up in Missoula at 5 o'clock in the morning you ate about 20,000 calories at 5 o'clock in the morning and you did physical labor so this is all new stuff, so we are trying to be sensitive to your concerns. You have indicated you have got some concerns about the enforcement issue, and we are going to try to address those, the role of the Federal Trade Commission and the states and I think we can, we can do that and as you know, some of those issues came up in the electronic signatures bill as well, the role of the Federal Government and the states, but the one that I would like to see if we can make progress on is on the definitions. I want to find out if we are talking about some technical stuff or are we talking about things where there is really a philosophical question. You suggest, for example, that being clear may require, for example, a universal signal that the e-mail is an advertisement, a kind of universal signal. The reason we have taken the approach that we have, Senator Burns and I, Chairman Burns and I, is we are trying to give business a lot of flexibility because we thought that is what business folks were interested in is trying not to have this one-size-fits-all and everybody in Washington, DC running around saying we have got all of the wisdom. Mr. Buckley. I understand your frustration, Senator, as you say---- Senator Wyden. We are trying to be responsive. Mr. Buckley. You say ``let's try to give people flexibility'' and that is something people often want, but in compliance statutes we find clear definition of responsibility is important. I practice law and defend lawsuits and try to advise clients on how to remain compliant. It is a good idea to try to give people a model. It doesn't necessarily eliminate flexibility--you could both retain flexibility and give a model saying ``do it this way and you can be sure to have complied.'' You still have flexibility to comply otherwise, but in an area like this, using standards like ``clear and conspicuous,'' without further definition of what you are talking about. This notice is something that is going to be fairly universal and I hope fairly simple, but you know when you get into what is clear and conspicuous, what's the size of type, where does it have to be located, maybe we ought to have some discussion about that. You know, I don't want to pin people in other industries down where they feel that they need flexibility, but it is awfully helpful to know exactly what Congress has in mind. There is a class action bar lurking out there, and if we don't get some of the changes we have asked with respect to enforcement, we may have challenges to whether something is ``clear and conspicuous'' or not. Even the FTC may conclude we don't agree with your understanding of what clear and conspicuous is. So we think tightening down on the meaning of ``clear and conspicious'' would be helpful. I know precision is not what people are always asking for, but that seems best in this case in our judgment. Senator Wyden. Well, we will work with you and I know Senator Burns has some questions, but I think we ought to get this, get this bill to the White House for signing, for a signing ceremony. I think I have met with almost all of you individually, the financial services folks here recently, Senator Burns has done exactly the same thing, and you know, look, I think the American people say getting spam in their in box is like getting that unidentified stuff in your lunch box, and you didn't order it. You don't know where it comes from, and you are really ticked off. So work with us here to try to resolve these remaining issues because even at this table there is a whole lot more common ground here than there are reasons to go off in your respective corners and come out swinging, which was why I asked that question about the status quo, and we will do our best to be responsive to your concerns and Senator Burns, like a pen from President Bush when this bill gets signed into law, and I would, too, and I thank you, Mr. Chairman. Senator Burns. All I need is one more pen. You bet. All I have is one more question, and I am going to throw it out on the table and let everybody take a shot at it. I referenced the article in the Wall Street Journal on Monday. And it had to do with mass harvesting. Spammers can't survive without a plentiful supply of e-mail addresses, and as I understand it, businesses have sprung up to fulfill that need. They have technology that intrudes on popular websites and gathers thousands and thousands of e-mail addresses to spammers. And they sell and rent those addresses to spammers. The result is that someone who has posted a comment in a chat room or made a winning bid on an online auction, and I am an auctioneer, and I want to sell spurs so they don't send me much, they get on a spam list and they are flooded, absolutely flooded with unwanted messages. And I will tell you, I did sell a pair of spurs on eBay and boy, as soon as that happened, I'll tell you, I just threw my old computer away. I changed my name and everything. That individual's privacy has been invaded and they don't know how it happened. It sours them on the entire business of e-commerce. Do we need to do something about this business of harvesting and do we, and is there a way to amend or how would you recommend that we deal with this situation of harvesting? Mr. Catlett? Mr. Catlett. Thank you, sir. Unfortunately, to ban harvesting would not be effective for the following reason. There is a technology employed now called dictionary spamming which is based on the age-old sales method of guessing so a spammer, for example, has an e-mail address [email protected] so they try sending a spam to [email protected] and the mail server tells them no such address or yes, that is a live one, then they go into John45 and so on and so forth. They also try [email protected] and because people tend to use e-mail addresses which are easy to remember for their friends, they hit on a large number of deliverable addresses. So as deplorable as the practice of scavenging e-mail addresses is, to ban it, even if completely effective, would not solve the core problem. Senator Burns. Any other comments? How do we, how do we deal with these folks who break into commercial organizations and take their list? Mr. Catlett. Well, the Computer Fraud and Abuse Act would already make that illegal, I believe, sir. I am not a lawyer, but---- Senator Burns. Is that correct? Well, that is about all the questions and Senator Wyden and the way you covered this thing, we will, we want to work with you and to move this thing out and find a way that we can find some similar ground on this thing. Senator Allen had some questions, and I am going to allow him to submit those in writing and you can respond either to the Senator or to the Committee. We would appreciate that. And then I have a couple more, but it is getting close to 4:30 and I never work past 4 o'clock. And we have already gone overtime. But I want to thank you for your testimony today. We invited AOL and Yahoo today and they declined to come and before we can, before we can solve some of these problems, we are going to, we have got to have a good, strong representation of the giants of the industry, and I am disappointed in that but nonetheless, we'll be meeting with those folks and continue our communications with you as we work it through the Senate. But I am like Senator Wyden. It is time to move this thing and we plan to do just that as soon as we can. Thank you for coming today. We appreciate it. These proceedings are closed. [Whereupon, at 4:35 p.m., the hearing was adjourned.] A P P E N D I X Prepared Statement of Hon. Ernest F. Hollings, U.S. Senator from South Carolina Today's hearing examines a bothersome consumer issue--that of unsolicited commercial e-mail, also referred to as junk e- mail or spam. With the growth of commerce over the Internet, consumers are being bombarded with junk e-mail advertising various products and services, including get-rich-quick schemes, phone sex lines, and pornographic websites. In light of the bothersome and at times costly nature of junk e-mail, I believe it is appropriate for Congress to address this issue. Since junk e-mail imposes real costs on recipients, it is important that we act to resolve this issue and not simply balance the concerns of competing business interests. For example, an ISP or a business has to expend money and resources when its network crashes because it cannot handle the volume of junk e-mail. Consumers have to expend time and money to delete junk e-mail from their accounts or inform the sender that they do not want to receive future junk e-mails. An opt-out approach in which the recipient has to respond to every junk e-mail and ask the sender not to send any additional junk e-mail is riddled with loopholes. This approach is problematic because in the online world, spammers often do not provide correct addresses and header information. An opt- out system also requires electronic marketers to keep a well- maintained list for all consumers who have opted-out, provide clear information to consumers about what they need to do to opt-out, and ensure that consumers know that they can opt-out of receiving junk e-mail. An opt-out approach also presents difficult questions such as if a consumer opts-out of receiving information from the Gap does that mean that Old Navy, a store owned by the same parent company, can send the consumer junk mail? Also, where a consumer has multiple e-mail addresses, must the consumer opt-out for each e-mail address? I also believe it is important that all consumers have some legal recourse when they are harmed. This means that when a business or consumer suffers damages from having their computer and Internet systems go down because of the volume of junk e- mail, they are able to recover damages. The threat of a lawsuit will help to ensure that senders of junk e-mail take the requisite care when they send junk e-mail. This is an important issue and Congress should take the time to get it right. I welcome the witnesses and look forward to hearing their testimony.