Cem Kaner, J.D., Ph.D.

The Federal Trade Commission is in the midst of hearings on SPAM. Congressional leaders are promising anti-spam legislation. The biggest headline getter at the moment is Charles Schumer’s promise to introduce a national opt-out registry within a few weeks. Actually, such a bill already exists, sponsored by Mark Dayton along with an added bonus, a federal study of software companies’ technical support practices.

I think we need we a national opt-out list as a first level of defense in dealing with spam because the more obvious first line of defense, the spam filter used by your ISP or installed on your machine, subjects you to important risks. These risks arise from electronic communications rules in the Uniform Electronic Transactions Act (UETA) and the Uniform Computer Information Transactions Act (UCITA) .

The problem is that under these bills, if you someone sends you an important legal notice that looks like spam to your ISP’s filter or the one that runs locally in conjunction with your e-mail client, you won’t see it, but you will still be legally accountable for knowing its contents. There are two significant risks here. First, you might ACCIDENTALLY miss some important mail (like a mortgage foreclosure notice). Second, someone who is required by law to send you a notice but doesn’t want you to read it can INTENTIONALLY distribute it in a way that is likely to trigger your spam filter. In both cases, you lose.

SPAM FILTERS: USE THEM AT YOUR OWN RISK

Here are the legal details underlying my claim that under UETA and UCITA, if you someone sends you an important legal notice that looks like spam to your ISP’s filter or your local e-mail filter, you won’t see it, but you will still be legally accountable for knowing its contents. There are two significant risks here. First, you might ACCIDENTALLY miss some important mail (like a mortgage foreclosure notice). Second, someone who is required by law to send you a notice but doesn’t want you to read it can INTENTIONALLY distribute it in a way that is likely to trigger your spam filter. In both cases, you lose.

Let’s start with UCITA, which applies to all transactions (such as sales, licenses, leases) in computer related information (UCITA Section 103(a), 102(a)(10), 102(a)(11), 102(a)(35)). This includes software, digital content (such as electronic books), and internet access contracts.

A typical UCITA transaction will have a shrinkwrapped or click-through contract, presented as you download or install the product. If the vendor wants to send you notices electronically, the contract will include a clause that says it can contact you at the email address you specified when you registered your product.

UCITA-related notices would probably involve the products and services you bought. For example, notices about your domain name (they’re going to sell it to someone else). Or recall notices or class-action settlement notices about their defective products. Or notices involving your payments for the products. Or notices that the software publisher has changed its privacy policy and will be selling information that it downloads from your computer to whoever will buy it.

So the publisher emails you a notice. What are the rules?

Here is what UCITA says about sending a notice:

UCITA 102 (a) (60) “Send” means, with any costs provided for and properly addressed or directed as reasonable under the circumstances or as otherwise agreed, to deposit a record in the mail or with a commercially reasonable carrier, to deliver a record for transmission to or re-creation in another location or information processing system, or to take the steps necessary to initiate transmission to or re-creation of a record in another location or information processing system. In addition, with respect to an electronic message, the message must be in a form capable of being processed by or perceived from a system of the type the recipient uses or otherwise has designated or held out as a place for the receipt of communications of the kind sent. Receipt within the time in which it would have arrived if properly sent, has the effect of a proper sending.

In other words, if they send an email to you in a reasonable format to a reasonable email address, it has been legally “sent.”

Suppose your email address is janedoe@earthlink.net. The message arrives at earthlink, which uses Spaminator, a spam filter.

The vendor sends a message to you, it arrives at earthlink, and Spaminator filters it out. You never receive it at your computer, and, of course, you never see it. Have you received this message? Under UCITA, yes.

Here’s some of the relevant statutory language in UCITA, from Section 102(a):

(a) (28) “Electronic message” means a record or display that is stored, generated, or transmitted by electronic means for the purpose of communication to another person or electronic agent.

(a) (48) “Notice” of a fact means knowledge of the fact, receipt of notification of the fact, or reason to know the fact exists.

(a) (49) “Notify”, or “give notice”, means to take such steps as may be reasonably required to inform the other person in the ordinary course, whether or not the other person actually comes to know of it.

(a) (53) “Receipt” means:
(B) with respect to a notice:
(ii) being delivered to and available at a location or system designated by agreement for that purpose or, in the absence of an agreed location or system:
(II) in the case of an electronic notice, coming into existence in an information processing system or at an address in that system in a form capable of being processed by or perceived from a system of that type by a recipient, if the recipient uses, or otherwise has designated or holds out, that place or system for receipt of notices of the kind to be given and the sender does not know that the notice cannot be accessed from that place.

(a) (54) “Receive” means to take receipt.

(a) (55) “Record” means information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.

UCITA SECTION 214. ELECTRONIC MESSAGE: WHEN EFFECTIVE; EFFECT OF ACKNOWLEDGMENT. (a) [Electronic record effective when received.] Receipt of an electronic message is effective when received even if no individual is aware of its receipt.

You have received the e-mail when it comes into existence in a system you have designated (earthlink), so long as it is in a format (like HTML) that can be processed by a system of earthlink’s.

Suppose the system checks the message, decides incorrectly that it is spam and dumps it. This satisfies the statutory requirement that the message must be capable of being processed by the server’s system, because the system obviously read it, determined it was spam, and dumped it. That’s processing.

The drafters of UCITA had this to say, in the Official Comments to 102(a):

47. “Receive.” This definition distinguishes between performances and notices. As to performances, it corresponds to Uniform Commercial Code § 2-103(1)(e) (1998 Official Text). With respect to notices, a notice is received when a message is delivered to a place designated or held out by the recipient for such notices even if the place is controlled by a third party. Arrival at an appropriate private post office box is receipt even if the addressee does not remove or read the message until later. Similarly, arrival at an appropriate electronic mail address is receipt by the addressee. The definition is met by arrival at a location only if the person holds out that location or system as a place for receiving notices of the kind. Parties often require that notice be to a particular address or person. If parties agree to send notice to a particular e-mail address, arrival at that location suffices; delivery to a different e-mail address does not.

The message must be capable of being processed by an ordinary system of the type involved. This refers to the type of system in its general, reasonably expected configuration and not to an atypical configuration known or knowable only to the party operating the system. Whether the message actually is processed is not relevant to receipt; similarly, a letter placed in a party’s post office box is received even if not opened.

Note that the notice is considered to have been received even if it arrived at a “place [is] controlled by a third party” (like earthlink).

One last flash. Suppose that you buy someothing that is to be delivered to you electronically. The vendor emails you the files, but through a mass-mailing service that triggers your spam filter. You never get the product that you ordered (because it was filtered). Under UCITA, this is your loss. Even though the vendor could send you another copy of the file at no additional cost to itself (other than a processing expense), it is entirely entitled to make you pay for the whole thing all over again.

UCITA SECTION 614. RISK OF LOSS OF COPY.
(a) [General rule.] Except as otherwise provided in this section, the risk of loss as to a copy that is to be delivered to a licensee, including a copy delivered by electronic means, passes to the licensee upon its receipt of the copy.

Now let’s consider the Uniform Electronic Transactions Act.

UETA applies to a much wider range of transactions, almost everything. Here is its scope:

SECTION 3. SCOPE.

(a) Except as otherwise provided in subsection (b), this [Act] applies to electronic records and electronic signatures relating to a transaction.

(b) This [Act] does not apply to a transaction to the extent it is governed by:

(1) a law governing the creation and execution of wills, codicils, or testamentary trusts;

(2) [The Uniform Commercial Code other than Sections 1-107 and 1-206,

Article 2, and Article 2A];

(3) [the Uniform Computer Information Transactions Act]; and

(4) [other laws, if any, identified by State].

(c) This [Act] applies to an electronic record or electronic signature otherwise excluded from the application of this [Act] under subsection (b) to the extent it is governed by a law other than those specified in subsection (b).

(d) A transaction subject to this [Act] is also subject to other applicable substantive law.

Therefore, a much wider range of notices might be sent under UETA than UCITA.

There is a parallel federal law, governing Electronic Signatures in Global and National Commerce (ESIGN) (15 United States Code Section 7001). ESIGN lays out a set of rules that apply in states that have not adopted UETA or that have adopted UETA with substantial modifications. ESIGN supplies a narrower set of rules than UETA, primarily adding consumer protections. However, in states that have adopted UETA, unless the state legislature incorporates ESIGN’s protections (as several have), the additional ESIGN terms may not (appear not to) apply. See this analysis by the National Consumer Law Center: Presentation to the Attorneys General on The Dynamics of Consumer Protection In Light of UETA and E-Sign, May 8, 2001.

ESIGN Section 7003(b) The provisions of section 7001 of this title shall not apply to–
(1) court orders or notices, or official court documents (including briefs, pleadings, and other writings) required to be executed in connection with court proceedings;
(2) any notice of–
(A) the cancellation or termination of utility services (including water, heat, and power);
(B) default, acceleration, repossession, foreclosure, or eviction, or the right to cure, under a credit agreement secured by, or a rental agreement for, a primary residence of an individual;
(C) the cancellation or termination of health insurance or benefits or life insurance benefits (excluding annuities); or
(D) recall of a product, or material failure of a product, that risks endangering health or safety; or

(3) any document required to accompany any transportation or handling of hazardous materials, pesticides, or other toxic or dangerous materials.

So, for example, in an ESIGN state or a UETA state that adopts ESIGN or the protections contained in ESIGN, you don’t have to worry about receiving a mortgage foreclosure notice by electronic mail. But there are plenty of other notices that you might receive.

And in a UETA state that does not adopt ESIGN, just look at that list, above. You could probably be sent notices about any of these things.

A HYPOTHETICAL EXAMPLE OF UETA IN ACTION: Suppose you buy a television, which was defectively designed. Under pressure, the manufacturer agrees to send notices to customers offering free replacements to a better model. Of course, customers are not required to take advantage of this offer. If the manufacturer is lucky, relatively few customers will upgrade. When the non-upgraders’ TVs wear out later, prematurely, the manufacturer will be in a good position to say to them that they had an opportunity to upgrade and it is their fault that they are getting no compensation for the bad product today.

The vendor will be able to send its notices electronically to any customer who bought the TV electronically (supplying their e-mail address in the process). They can do this in states where UETA applies, whether ESIGN also applies or not.

Here’s UETA’s statutory language that authorizes electronic communication with these customers:

UETA SECTION 5. USE OF ELECTRONIC RECORDS AND ELECTRONIC
SIGNATURES; VARIATION BY AGREEMENT. (b) This [Act] applies only to transactions between parties each of which has agreed to conduct transactions by electronic means. Whether the parties agree to conduct a transaction by electronic means is determined from the context and surrounding circumstances, including the parties’ conduct.

Here is the most relevant part of the UETA Drafting Committee’s Official Comment explaining Section 5:

D. Among the circumstances to be considered in finding an agreement [to conduct business electronically] would be the time when the assent occurred relative to the timing of the use of electronic communications. If I order books from an on-line vendor, such as Bookseller.com my intention to conduct that transaction and to receive any correspondence related to the transaction, electronically can be inferred from my conduct. Accordingly, as to information related to that transaction it is reasonable for Bookseller to deal with me electronically.

So, the manufacturer sends emails to the Net-order customers.

From here, the rules are much like UCITA’s:

SECTION 15. TIME AND PLACE OF SENDING AND RECEIPT.

(b) Unless otherwise agreed between a sender and the recipient, an electronic record is received when:

(1) it enters an information processing system that the recipient has designated or uses for the purpose of receiving electronic records or information of the type sent and from which the recipient is able to retrieve the electronic record; and

(2) it is in a form capable of being processed by that system.

(c) Subsection (b) applies even if the place the information processing system is located is different from the place the electronic record is deemed to be received under subsection (d).
…
(e) An electronic record is received under subsection (b) even if no individual is aware of its receipt.

(f) Receipt of an electronic acknowledgment from an information processing system described in subsection (b) establishes that a record was received but, by itself, does not establish that the content sent corresponds to the content received.

(g) If a person is aware that an electronic record purportedly sent under subsection (a), or purportedly received under subsection (b), was not actually sent or received, the legal effect of the sending or receipt is determined by other applicable law. Except to the extent permitted by the other law, the requirements of this subsection may not be varied by agreement.
Source: UNCITRAL Model Law on Electronic Commerce Article 15.

Official Comment
5. Subsection (e) makes clear that receipt is not dependent on a person having notice that the record is in the person’s system. Receipt occurs when the record reaches the designated system whether or not the recipient ever retrieves the record. The paper analog is the recipient who never reads a mail notice.

So, if the TV maker sends the email to its customers but uses an email program widely used by spammers or an ISP widely used by spammers or routes its email through a country that is a common source of spam, then spam filters will eat many or most of those emails. The TV maker can show that it sent notices to all of its electronically reachable customers. The fact that only a few percent took advantage of the offer is just tough luck for the customers. They are deemed, as a matter of law, to have received these notices even if they never got past the ISP’s spam filter or having passed the ISP, got eaten by the customer’s local spam filter.

The spam filter problem is not an unanticipated consequence of the UCITA and UETA statutory language. I attended many of the Drafting Committee meetings for these statutes. We talked about this risk. The drafters were more concerned about customers who could claim that they had never received a legal notice (“my spam filter ate it!”) than about customers who legitimately never saw the message.

I understand their tradeoff, but in the face of it, we face risk whenever we use spam filters. If they filter out messages that are not actually spam, and any reasonably effective filter will have a few false alarms, then customers who use the filters will either accept the risk (speaking as a lawyer, I say this is very unwise) or set their filters so they can personally evaluate every message flagged by the filter before deleting them

I do the flag-and-review. I get over 100 spams a day. It is an enormous waste of time. A national opt-out list won’t eliminate these problems, but if it can cut the amount of spam that hits my computer by 50% (a common estimate) that will save me a lot of time and irritation.

In computer_law. Both comments and pings are currently closed.