Spam without borders

by Henry Farrell on April 9, 2004

The “Washington Post”:http://www.washingtonpost.com/wp-dyn/articles/A60804-2004Apr8.html reports on the interesting – but problematic – approach of Virginia to prosecuting spammers. Authorities in Virginia have arrested three suspected spammers from North Carolina. Their basis for asserting jurisdiction: that the spammers ‘went through’ servers in Virginia in order to disseminate spam.

bq. Although all of the suspects are from North Carolina, Cantrell said, “they went through a server in Virginia, and as long as they go through Virginia then we can prosecute them under our Virginia statutes.” Northern Virginia is a major hub for Internet traffic, and because of that Virginia has an opportunity to snag many more “spammers,” Cantrell said.

It’s not clear from the newspaper article how close the spammers’ relationship is with the server in Virginia – whether this is a server that they themselves used intentionally, or merely a server that their mail passed through en route to its final destination. But it certainly sounds as though Virginian authorities are asserting a general right to prosecute spammers (and jail them for up to twenty years), on the basis that their emails pass through Virginia at some point in their travels. Since roughly “50% of world Internet traffic”:http://www.reuters.com/locales/newsArticle.jsp?type=internetNews&locale=en_US&storyID=4778933 passes through Virginia, that’s a very far-reaching jurisdictional claim indeed. Of course, it’s nice to see spammers getting walloped with serious penalties (although 20 years of jail time would be a bit much). But it’s not at all clear to me that Virginia state authorities should appoint themselves arbiters of the world’s Internet traffic, with extraterritorial reach. If nothing else, it’s likely to lead to competing claims for jurisdiction from other authorities, in the US and elsewhere, and an incredible mess for individuals and firms trying to determine their legal liabilities. As Michael Geist “observes”:http://www.law.berkeley.edu/journals/btlj/articles/vol16/geist/geist.pdf, jurisdiction on the Internet is murky enough as it is. It looks as though it’s about to get a whole lot murkier.

{ 11 comments }

1

Nasi Lemak 04.09.04 at 4:55 pm

Mostly the way regulation of the net seems to have gone, imho, is exactly along these lines – where diversity of jurisdiction is an issue, regulators have generally accepted the argument that *some* jurisdictional claim is enough, rather than the argument that they should defer to another jurisdiction with a different (unconscionable!) regulatory regime.

At least I think this is true of courts; see e.g. the Yahoo case (yahoo.com is subject to French jurisdiction); the Zundel case in the CHRT, Dow Jones v. Gutnick in Australia, etc etc. Patrick Schmidt had a co-authored paper at APSA last year which is still up on the proceedings website, not specifically about diversity, but covering some of these cases.

2

Henry 04.09.04 at 5:06 pm

I’m writing a piece that touches on these issues at the moment; hadn’t come across the Patrick Schmidt paper – sounds very interesting. I also have a paper on the Proceedings website for last year that presents some of my ideas in a very undeveloped form.

3

Ed Felten 04.09.04 at 5:49 pm

If Virginia wants to be arbiter of criminal law for the world’s traffic, they’ll need to be able to extradite violators. Extradition from North Carolina to Virginia is easy; but international extradition might be a different story.

4

Joe S 04.09.04 at 7:42 pm

Henry,
Whose jurisdiction would you prefer?
The spammers? If so, they’ll set up shop in Spamistan, and forever be free of criminal liability.

The spam victims? Well, I agree that this comports better with criminal law tradition than the location of the server. But it is even more ubiquitous. And beside, the server operator, unless the spammer’s ISP, is a victim too.

For e-commerce, there is a strong need for predictability, and thus jurisdictional modesty. And the foundations of the law of jurisdiction are a complete mess, either on or off the Internet.

But for a malum in se (IMHO) crime like spamming? Whack the bastards, I say.

5

John Quiggin 04.09.04 at 11:28 pm

With the general adoption of antispam devices by Internet users, spammers are increasingly forced to rely on circumvention devices that are more clearly dishonest/criminal than the spam itself. Spurious return addresses are universal and reliance on hijacked computers as spam generators seems to be becoming so.

Hence, I think joe is right. Spammers are committing crimes in every jurisdiction connected to the Internet and can reasonably be prosecuted in any jurisdiction that is prepared to take the trouble to identify and extradite them.

This may, I think, be the beginning of the end for spammers. At some point in the process, they need things like a Visa merchant account and (if they are not totally fraudulent) a physical address from which to ship stuff. If everyone involved risks imprisonment, the payoff will start to diminish.

6

Cancergiggles 04.10.04 at 1:52 am

Much as I would personally like to see the introduction of the death penalty for spammers I think Virginia are on a loser on this one. At least if any form of reality is in force the damn well should be.

7

ex-telecom-guy 04.10.04 at 7:48 am

There’s actually a great deal to recommend Viginia’s suit, at least from the micro-economics that apply.

The correct way to estimate the cost of telecom traffic is based upon the peak level of traffic a piece of equipment needs to carry.

My guess is that if half of all email traffic is spam, then because spam comes in a torrent of bits, routers in Virginia have to have 2x or 3x the capacity due to the sudden tidal waves of spam they get hit with periodically.

So the owners of the routers can unquestionally claim they are damaged by operators like this, and moreover, the cost can even be quantified.

–Former Telecom Economist

8

aphrael 04.10.04 at 5:30 pm

I fail to see the difference between Virginia asserting this right and Virginia asserting the right to, say, prosecute porn sites whose packets go through servers in the state, or Canada’s right to prosecute the owners of sites which violate their hate speech laws (and whose packets at some point travel through a server in Canada), etc.

This is a deeply troubling argument, to say the least.

9

Adam Mansfield 04.10.04 at 8:10 pm

It looks like AOL has had civil suits against spammers dismissed in Virginia and Florida for lack of jurisdiction. (http://tinyurl.com/296fh)

I looked for the opinions on Lexis, but couldn’t find them. I wonder what they said about the change to Virginia’s long-arm statute under its Computer Crimes Act which amends the long-arm statute to establish that “using a computer or computer network located in the Commonwealth shall constitute an act in the Commonwealth.” (http://www.spamlaws.com/state/va.html)

I can see the long-arm statute being challenged on constitutional grounds. Using a “computer network” in the state of Virginia is a pretty far-reaching activity when you look at how much traffic goes through there.

Another interesting question is what affect does the federal anti-spam law have on the state laws? (http://tinyurl.com/yull8)

10

Brett Bellmore 04.11.04 at 12:58 pm

Twenty year’s prison time; At five seconds of other people’s time wasted per spam, that’s about two million spams. I’m betting they’ve sent many times that many.

Looked at from that perspective, it’s not obviously an excessive sentence.

11

Ethesis 04.11.04 at 2:01 pm

“The spammers? If so, they’ll set up shop in Spamistan, and forever be free of criminal liability.”

Actually, the businesses at the other end of Spam need to have trustworthy ways of moving inventory and accepting payment.

If you cut them off (no credit or debit transactions, no ability to ship goods or services from within the U.S.) you have cut off 99% of the spammers.

With spam, the deluge is only getting worse (surely you’ve gotten asian and spanish language spams?), but with prosecution the cost/benefit changes a great deal.

While I think we are on our way to handshake e-mail, which will kill spam pretty much (your e-mail application and the home server have to verify each other), this sort of thing can really help.

Comments on this entry are closed.