The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Monday, February 05, 2007

Musings on the Phillips vs NetBlue case

I've been taking a random walk through some of the legal documents in the Phillips vs NetBlue case and reading some of the on-line comentary.

For those of you just tuning in, the gist of the case is this: Ritchie Phillips, owner and operator of a small ISP is suing mass marketer NetBlue for spam.

What makes the case interesting is that very little of the spam was sent by NetBlue themselves. Instead, they operate an affiliate program in which other people or companies drive business NetBlue's way and take a cut of the action. NetBlue can then distance themselves from the spam, effectively saying "Hey, not our fault; we told them not to spam." Nudge, nudge, wink, wink.

NetBlue does in fact have an anti-spam policy in writing, but they tend to enforce it very laxly. Choosing, essentially, to wait until a verified complaint comes to them, and then terminating only the affiliate responsible. Evidence in the case suggests that NetBlue in fact only terminates those affiliates who weren't bringing in much money anyway.

NetBlue has been in and out of SpamHaus listings over time, and for a while SpamHaus was working with NetBlue to help them solve their problems. After a while, SpamHaus decided to stop acting as NetBlue's help desk gratis, and to stop playing whack-a-mole. I suspect that they realized that NetBlue had no intention of taking any real action to stop the spam and were simply trying to appease SpamHaus to buy time.

At any rate, this placed Phillips in the position of suing NetBlue not for spam they sent, but for spam that was sent by their agents. This is a trickier case to win, because it means explaining a more complicated system to both judge and jury. It means explaining the mechanism of affiliate spam, redirectors, temporary web sites and so on.

Now there's no doubt that spam was sent, that it probably violated the CAN-SPAM act, and that it was sent on NetBlue's behalf. What remains to be seen is if the dots can be connected clearly enough for the court to see.

NetBlue's court arguments have been very interesting. For example, they've charged that Phillips failed to preserve evidence as is required. In particular, the spams in question often included embedded images and links to redirector pages. Although phillips saved the actual spams themselves, he didn't download the images or capture the contents of the redirector pages. This information would have strengthened the link between NetBlue and the spam.

Phillips responded that requiring an ISP to not only preserve all the spam it received, but to also follow all the links in the spam and preserve copies of the web pages to which it linked would be an impossible burden. In addition, the law only requires that you preserve the evidence you have — which Phililps has done — but does not require that you go out and gather more; it is only necessary to have the evidence sufficient to prove your case. Furthermore, since the images and redirectors were on servers controlled by NetBlue or its affiliates, it is NetBlue which failed to preserve evidence, not Phillips. Finally, Phillips points out that the missing evidence was material which would have helped his case, not NetBlue's.

Anyway, if you'd like to read some of the documentation yourself, it can be found at hypertouch.com. One thing is clear; NetBlue's lawyers intend to fight this and make it expensive for Phillips to pursue.

Other readings:

Labels: ,

2 Comments:

Anonymous Anonymous said...

"What makes the case interesting is that very little of the spam was sent by NetBlue themselves. Instead, they operate an affiliate program in which other people or companies drive business NetBlue's way and take a cut of the action. NetBlue can then distance themselves from the spam, effectively saying "Hey, not our fault; we told them not to spam." Nudge, nudge, wink, wink."

And then

"Now there's no doubt that spam was sent, that it probably violated the CAN-SPAM act, and that it was sent on NetBlue's behalf. What remains to be seen is if the dots can be connected clearly enough for the court to see."

This is flatly in total violation of CAN-SPAM, as evidenced by numerous cases, but most notably in the case of the FTC v. Phoenix Avatar, and Microsoft v. S. Richter.

I recommend reading This [theinternetpatrol.com] and this [Spam Kings Blog].

And I quote:

"CAN-SPAM is 'not limited to those who physically cause spam to be transmitted, but also extends to those who ‘procure the origination’ of offending spam.'"

"...the court reaffirmed a key provision in CAN-SPAM and in Washington State's spam statute: You don't have to push the send button to be liable for illegal spam."

If you run an affiliate program: You are responsible for their actions -- period. If you claim you "didn't know" they were spamming? Too bad. You are responsible. CAN-SPAM is quite explicit. It gets a bad rap because it has loopholes, but this portion of the law is extremely clear and irrefutable. Those two cases are the landmarks and they resulted in several hundreds of thousands of dollars in settlments due precisely to how watertight that law actually is in this regard.

The effect of this has most notably been seen in porn affiliate programs who stand to receive a HUGE amount of heat via spamming affiliates. As such most (not all, certainly, but definitely a lot of the major ones) have extremely harsh policing of their affiliate programs.

Now if only mortgage brokerages would do the same...

SiL

8:15 PM  
Blogger Spam Diaries said...

Hi; thanks for the refernces; I'll add them to the main body of the article.

1:10 PM  

Post a Comment

<< Home