E-Mail Update — Junk E-Mail Developments and ISP Liability
(Originally published in Messaging Magazine, March/April 1999)

By Jim Bruce and Praveen Goyal, Wiley, Rein & Fielding

In Virginia, a flurry of bills addressing commercial junk e-mail messages have been introduced into the state General Assembly. Although these pieces of legislation are being considered by Virginia’s state legislature, their enactment would potentially carry national and international implications, given that nearly half of the Internet backbone passes through Virginia and that nearly half of Internet subscribers are served by Internet Service Providers (ISPs) based in Virginia.

House Bill 1668 was drafted and recommended by the Virginia Joint Commission on Technology and Science. Sponsored by state House member Kenneth R. Plum (D-Dist. 36), the bill was introduced in the House on January 13, 1999, and thereupon referred to the House Committee on Science and Technology. If enacted, this legislation would create two new statutory causes of action for recipients of false or misleading commercial e-mail and for recipients of unsolicited commercial e-mail. The bill’s provisions for false or misleading e-mail operate similarly to junk e-mail legislation in other states, such as Washington. Recipients of false or misleading commercial e-mail would be able to recover from the sender the greater of actual damages plus attorney fees, or $500 per occurrence, not to exceed $1 million. ISPs on whose networks false or misleading e-mail has been transmitted would be able to recover from the sender the greater of actual damages plus attorney fees, or $1,000 per occurrence not to exceed $2 million. The bill’s provisions for unsolicited commercial e-mail are less similar to junk e-mail legislation in other states. Under these provisions, sending unsolicited commercial e-mail is prohibited, unless the recipient expressly consents to receive the item of e-mail from that sender, or unless the e-mail clearly identifies itself as commercial, lists specific contact information for the sender, and details procedures by which the recipient may decline future e-mails from that sender. Recipients of unsolicited e-mail in violation of these provisions would be able to recover from the sender the greater of actual damages plus attorney fees, or $500 per occurrence not to exceed $1 million. Individuals who continued to receive unsolicited commercial e-mail after declining them would be able to recover from the sender the greater of actual damages plus attorney fees, or $1,000 per occurrence not to exceed $2 million. To the extent the bill restricts unsolicited e-mails in addition to misleading e-mails, the legislation may face criticism on free speech grounds as it moves through the legislative process.

Two bills, one in the Virginia state House and one in the state Senate, would amend the Virginia Computer Crimes Act (VCCA) to include prohibitions on sending unsolicited commercial e-mail over the networks of Virginia ISPs in contravention of their use policies. The bills, both introduced on January 13, 1999, are House Bill 1714, sponsored by House member John H. Rust, Jr. (R-Dist. 37), and Senate Bill 881, sponsored by state Senator William C. Mims (R-Senate Dist. 33). The bills’ new VCCA provisions would prohibit the sending of unsolicited bulk e-mail with falsified header information or other routing information forgery. They would also prohibit the selling, distribution or possession of software which facilitates such falsification or forgery of routing information. The damage provisions of the amendments supplement the VCCA’s existing provisions providing for recovery of actual damages with specific additional provisions for damages from unsolicited bulk e-mail. Recipients of unsolicited bulk e-mail may recover attorney’s fees in addition to actual damages, or may elect to recover $500 per unsolicited e-mail message received.

Upon introduction, the House version of the bill was referred to the House Committee on Science and Technology. The Senate version was referred to the Senate Committee for Courts and Justice, which reported the bill with amendments on January 27, 1999. These amendments would expand a Virginia e-mail service provider to include any business or organization using equipment located in Virginia to transmit e-mail to and from users of its services. Such a law would allow e-mail service providers to receive punitive damages for transmission of unsolicited bulk e-mail over their networks, and would create damages of $1,000 for each violation of the bill’s prohibitions on software facilitating falsification or forgery of e-mail routing information. The amended Senate bill has been referred to the Virginia Senate Finance Committee.

Finally, and perhaps of greatest significance for the national and international reach of Virginia laws on bulk e-mail, amended Senate Bill 920 would establish personal jurisdiction in Virginia over senders of unsolicited bulk transmissions through an ISP’s network or facility located in Virginia. Sponsored by Senator William C. Mims (R-Senate Dist. 33), the bill was introduced on January 15, 1999. The amended version of Senator Mims’ bill was passed unanimously by the Virginia Senate on January 28, 1999.

If these bills (or a compromise bill incorporating elements of all of them) are eventually passed into law, the effect would be to impose liability under their provisions upon numerous senders of junk e-mail and subject those senders, wherever they may be located, to suit in Virginia state courts. Given the significant damages these bills could impose on senders of commercial junk e-mail, they may prove to be an effective weapon against senders of junk e-mail. Moreover, the specific protections these bills give to ISPs might be construed to apply to businesses providing Internet e-mail services internally, for example to their employees.

[EMA is currently attempting to clarify the language in SB 881 and HB 1714. EMA seeks to ensure that operators of private networks, such as corporations providing e-mail to employees, have the same protections and incentives to bring suit against junk e-mailers as conventional ISPs would have under these proposed bills.]

New York: ISP Not Liable for Libelous E-Mail Sent Over Its Systems

In a recent decision by the Appellate Division of the New York Supreme Court, Second Department, the ISP, Prodigy Services Co. was held not to be liable for libel, negligence or harassment because of a threatening e-mail sent through its service using a fraudulently created account. (The New York Supreme Court is New York State’s trial court of general jurisdiction. Its Appellate Division is an intermediate appellate court.) The case, Lunney v. Prodigy, was decided on December 28, 1998.

An account had been fraudulently created in the name of 15-year-old Alexander Lunney, son of a former New York state prosecutor, through which an offensive and threatening e-mail was sent to the leader of Lunney’s Boy Scout troop. After the troop leader complained to the police, Prodigy informed Lunney that it had suspended the account. Prodigy later apologized to Lunney when it discovered that the account was fake. Lunney then brought suit against Prodigy alleging libel, negligence and harassment.

Writing for a four judge panel, Justice Lawrence J. Bracken reversed the lower court’s ruling, and found that Prodigy could not be held liable to Lunney for the message. According to Justice Bracken, Prodigy exercised no participatory function in disseminating the e-mail. Moreover, although Prodigy in some cases automatically edited e-mails when its service detected objectionable words, no human editor was involved in creating the e-mail message. Thus, Prodigy was held not to be liable as a publisher or editor of the libelous e-mail. Instead, like a telephone or telegraph company, Prodigy was found to hold a qualified privilege rendering it immune from liability for the transmission of a libelous message, unless it knew the message was libelous.

Justice Bracken’s opinion strongly criticized an earlier New York Supreme Court opinion, Stratton Oakmont v. Prodigy, which had found Prodigy to be liable for defamatory messages posted by a third party on its bulletin boards. The Stratton Oakmont case based Prodigy’s liability on the fact that Prodigy had attempted to exercise editorial control over some of the messages, and had allowed the ones in question to be posted. According to Justice Bracken’s criticism in Lunney, the Stratton Oakmont decision held Prodigy liable for an action it had no duty to perform at all in the first place. Nonetheless, Bracken’s opinion did not overturn Stratton Oakmont, but distinguished the Lunney case by finding that Prodigy no longer attempted to exercise editorial control over bulletin boards, and certainly did not do so for e-mail messages.

The Lunney case represents a new development in the law of ISP liability, because it does not rely on protections contained in § 230 of the 1996 Telecom Act and interpreted in a subsequent line of cases involving America Online, including, for example, Zeran v. America Online. The Telecom Act protections preclude ISPs from being regarded as publishers or speakers of material transmitted through their services, and exempt ISPs from liability for taking good faith actions to restrict access to specific kinds of objectionable materials, including material considered harassing. The Lunney decision recognizes an alternative to Telecom Act protections for ISPs in the form of a broad, qualified immunity from liability under state common law. Aside from ISPs like Prodigy, businesses providing e-mail services internally, for example to their employees, may also be able to benefit from Lunney’s protections against liabilities arising from third party postings, if those businesses’ services are analogized to the services provided by an ISP. MM

Back to Table of Contents