Presentation on theme: "Email: Opportunities and Pitfalls Al Iverson, Director of Deliverability."— Presentation transcript:
Opportunities and Pitfalls Al Iverson, Director of Deliverability
AL IVERSON Director of Deliverability for Service Provider ExactTarget Active blogger since 2000 See My career focus has been on anti- spam, marketing, and network security Who am I?
Who is ExactTarget? What do I do for ExactTarget? What we tell clients CDA, CAN-SPAM, ECPA Stebbins v. Wal-Mart Omega v. Mummagraphics TCPA, SMS, etc. Recommended Reading Agenda
I’m not a lawyer. My expertise is related to helping clients send marketing and transactional messages. I’m not a financial services compliance expert. use under Sarbanes-Oxley or Gramm-Leach- Bliley (etc.) isn’t my realm What I can talk about is: Best Practices, CAN- SPAM, CDA, etc. You want to learn more about privacy law? Consider Annual PLI Event: Disclaimer
WHAT DOES EXACTTARGET DO?
WHAT DO I DO FOR EXACTTARGET? Policy compliance ExactTarget. Staff of 13. Six are policy compliance focused. In this context, policy compliance means sending permission-only (not spam) and sending only legally compliant mail. We terminate an average of one client every days. We temporarily suspend 12+ accounts/month (re-enabled after compliance).
WHAT WE TELL CLIENTS is a great tool for transactional messaging and remarketing It is tricky to do prospecting properly via Buying lists is legal but lethal The Yahoos, Hotmails, and Gmails of the world will happily block your mail even if it is legally compliant Your ability to get delivered is dependent upon your practices Me?
COMMUNICATIONS DECENCY ACT (1996) This is a very significant (probably the most influential) law which affects the internet! (says my internet friend Venkat Balasubramani) Original intent was to allow blocking of obscene / abusive / pornographic content, but much of it was gutted based on various court challenges. Section 230 is the important bit. No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider. Section 230 is controversial because several courts have interpreted it as providing complete immunity for ISPs with regard to the torts committed by their users over their systems. And that is basically what it is: Yahoo user defames you, you have no case against Yahoo.
CAN-SPAM (2003) The US spam law that doesn’t actually outlaw spam (yay) Requires that spam must be labeled as an advertisement (labeling not required if you have affirmative consent) Requires easy unsubscribe option, postal address of sender Prohibits deceptive headers (subject, from, etc.) Indemnifies ISPs in their best efforts to block spam Allows ISPs to set higher standards than “legal” Yahoo blocks many millions of CAN-SPAM-compliant messages daily This is the law that allows ISPs to require opt-in permission of marketers.
CAN-SPAM: SERVICE PROVIDER INDEMNIFICATION It’s nearly impossible for a wronged party to convince a judge that an ISP is legally at fault for blocking or filtering Both CAN-SPAM & CDA provide immunity CDA’s Good Samaritan provision covers this CAN-SPAM Section 8(C) says “Nothing in this Act shall be construed to have any effect on the lawfulness or unlawfulness, under any other provision of law, of the adoption, implementation, or enforcement by a provider of Internet access service of a policy of declining to transmit, route, relay, handle, or store certain types of electronic mail messages.” Spammers & bad guys challenge both regularly, to no avail.
CAN-SPAM: TRANSACTIONAL MESSAGES Consent not required, unsub link not required Definition of transactional message: Primary purpose rule to facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender to provide warranty information, product recall information, or safety or security information with respect to a commercial product or service used or purchased by the recipient to provide notification concerning a subscription, membership, account, loan or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender to provide information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, participating, or enrolled, or to deliver goods or services, including product updates or upgrades, which the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender
BEWARE: PII IN TRANASCTIONAL MESSAGES Should you be putting personally identifiable information (PII) into messages? My opinion: NO Instead: notice telling consumer to login to website Include only minimal personal information in messages is not a secure mechanism Consumers often typo addresses ISPs often repurpose typo or retired addresses into special “spamtrap addresses” to feed directly into filters This data can be widely disseminated ISPs notice and raise concerns over transactional messages appearing to contain PII What can happen? See
ECPA – ELECTRONIC COMMUNICATION PRIVACY ACT Rarely seems to be raised in the marketing realm, except in ineffective claims brought by spammers against ISPs who are blocking them (search Google for “Holomaxx”) Interception/tampering case, see Mortensen v. Bresnan Comm (2010) Wikipedia is a good place to start for an overview of the law: What about California Invasion of Privacy Act (CIPA) for “wiretapping my ” claims? It feels like a long shot.
STEBBINS V. WAL-MART (2011) Notice to companies: My name is David Anthony Stebbins, and I live in Harrison, AR. I am sending a link to this webpage to various companies to put you on notice. If you contact me in any way, shape, or form, you hereby acknowledge that you have read, understand, and agree to be legally bound by the terms below. HAHA, YOU ED ME BACK, YOU HAVE ENTERED INTO A CONTRACT ON MY TERMS. Court disagreed. I deal with this a lot with spam complaints. “By sending me this you agree to my terms to pay me $500 per etc.” Um, no, doesn’t work that way. Court affirms.
OMEGA V. MUMMAGRAPHICS (2006) The beginning of the end for anti-spam plaintiffs. The plaintiff handled this so poorly, there are lasting negative effects impacting people who actually want to try to stop spam. The court found US federal law (CAN-SPAM) pre-empts Oklahoma's anti-spam law. False headers were immaterial because the s were “chock full” of sender-identifying information. “Trespass to chattels” requires real damages to be actionable – tragedy of the commons is a popular anti-spam “armchair lawyer” tactic – and now we know, it doesn’t work. This 4th Circuit holding makes the very narrow and ineffective CAN SPAM law even more narrow and ineffective.
TCPA: Telephone Consumer Protection Act of Multiple, recent suits filed over text messages allegedly sent confirming a party’s opt-out request -Allege that these messages constitute unauthorized use of “automated telephone dialing systems” under 47 U.S.C. § 227(b)(1)(A)(iii) (even though ATDS in fact not used) -Lawyer-driven cases (opt in, opt out and lawsuit all in less than a month) -Ibey v. Taco Bell Corp., Case No. 12-CV-0583-H (S.D. Cal. June 18, 2012) -TCPA does not impose liability for a single confirmatory text message -Insufficient allegation of use of an ATDS -See also Joffe v. Acacia Mortgage Corp (2008)
RECOMMENDED READING Eric Goldman's Technology & Marketing Law Blog - Venkat Balasubramani's Law Blog Covering Electronic Communication - Bloomberg E-Commerce and Tech Law Blog: Top 50 Internet & Digital Law Blogs - digital-law-blogs/ digital-law-blogs/ DMCA CDA Section
AL IVERSON Director of Deliverability Questions?