Used to be when you asked people if they’d ever had spam, they thought you were talking about those odd little rectangles of meat from Hormel. But these days, spam is the all-too-familiar e-term for unrequested and unwanted e-mail messages. It’s everywhere, and it seems to be escalating daily. Spamming may be a cheap, easy way to get a message out to many people, but it’s also a huge problem for businesses and individuals, as it chokes our inboxes and saps our time. Elsewhere in this issue, you will find spam solutions based upon software, operational practices and third party assistance. But in this article, we present another option: law firms on the defense.

Suiting Up for Combat
One company leading the charge against spam is Morrison & Foerster LLP (MoFo). In less than a year, my firm saw spam grow from a minor annoyance to a major bottleneck in our communication processes, with employee inboxes brimming with junk messages about everything from changing physical attributes, refinancing, gambling, x-rated products and pornography, to “free” money from the Nigerian government. What prompted MoFo to file suit against a few notable spammers was that legitimate messages were being lost and valuable time being wasted from sifting through the unsolicited barrage.

Megan Auchincloss, a MoFo litigation associate, summarized the firm’s position against spam and what led it to initiate a lawsuit. The gist of the suit was simple: MoFo did not ask for junk e-mail and does not want it. And the solution is seen as equally simple: SPAMMER, STOP SPAMMING!

Is Spam That Big a Deal?
Absolutely! Spam is increasingly becoming a sizeable portion of law firms’ e-messaging capacity. Users with dial-up connections are forced to spend long periods of time waiting for unwanted mail to download. And much of this mail is downright offensive. Which raises a nagging question for law firms—if a message is offensive and you are not doing something about it, are you liable for allowing a hostile workplace to exist? Spam is indeed a very big deal.

So, do we need an “Us vs. the Spammers” lawsuit? MoFo certainly believes so. There are relatively few legal restrictions moderating and regulating what can and what can’t be sent, the frequency of sending it, and what your rights are in getting it stopped. In a nation where things are generally legal until they are made illegal, spammers have assumed the right to annoy anyone anytime, virtually free of consequence. MoFo’s lawsuit seeks to put parameters on what is and what is not allowed, and what we can do about receiving unwanted messages.

Does an ISP Bear any Responsibility for the Distribution of Spam?
Yes and no. Yes, when it can be demonstrated that an Internet service provider knowingly allows spam to enter its network; no, when the ISP states it does not allow spam to flow through its networks.

Last year, AOL won a $7 million dollar judgment against a spammer targeting AOL subscribers in a Federal court in Virginia. This is AOL’s second victory against a company that had been sending unsolicited material to AOL subscribers. Virginia has an anti-spam statute mandating that offenders pay a $25,000 penalty per day for sending “junk mail.” A couple of cases like this are likely to generate some well-deserved concern with offending parties.

Unfortunately, there’s a hitch to spam blocking. Inadvertently, some legitimate messages may also be blocked. Nevertheless, it’s important to know and avail your firm of your ISP’s anti-spam policies and practices.

What Legal Rights Do We Presently Have? Surprisingly few. There’s nothing on the books in the federal arena. I can’t speak for all the U.S. states, but presently, California has only two laws to protect citizens. They are California Business & Professions Code section 17538.45, which basically warns not to spam when an electronic mail service provider has said to stop; and section 17538.4, which requires, in part, that spammers place “ADV” in the subject line. Unfortunately, these admonitions are frequently ignored and are not enough to protect people and businesses.

Prickly spam-related questions abound. For example, precisely what is spam? Who is responsible for it? Are you really being spammed if you agree to an end-user license agreement, subscribe to a free service such as eFax, or accept a “Terms of Service” agreement (TOS) in which you consent to receive information from other parties? If you are spammed, what’s a fair recourse and who provides it? Which government agency is responsible for enforcing our rights? What about spammers in other nations? And neither last nor least, who pays anti-spam costs?

Clearly, spam has many different aspects and we do not yet have wide and clear legal means to defend ourselves.

A Spam Is a Spam Is a Spam. Or Not?
Credible e-messages often wind up as spam. What you consider spam might not be to someone else, and vice versa. For example, you might not mind hearing about a sale at your favorite store, whereas someone else might feel spammed. Or a user who finds something on the Internet he or she considers interesting or amusing and forwards it to friends may learn that one or more of those recipients regards the message as unwanted.

Spam can also be created unwittingly, sent with the best of intentions. For example, ever received too many updates? Or can’t get off a mail list? In algebra, A + B = C. In e-messaging, credible information shared with disinterested recipients equals spam. No software yet exists to curb these activities.

Whom Do You Call?
The basic question of who should protect us from spammers is tough to answer. The U.S. Secret Service is responsible for pursuing hackers. Should they also take on spammers? The FBI is tasked with protecting the nation’s domestic interests, so does spam lie in their domain? Spam comes from various international sources. Should the CIA, which is tasked with protecting our nation’s international interests, have the responsibility? And if spam can be considered an “attack,” should the Department of Defense step in? Probably not. Yet, in the rapidly evolving world of electronic communication, anything seems possible, anything may be necessary.

Are We Stuck with Spam Forever?
Probably. But there is well-founded hope for increasingly better control of it. Like other forms of direct marketing—junk mail, junk faxes, telemarketing, pop-up windows—spamming is merely a way of reaching potential buyers. And just as legislation was passed and options for people developed as these other marketing activities grew, so will it undoubtedly be the same for spamming, Of course, there will continue to be the usual questions of funding, responsibility and restitution.

What Can Your Firm Do?
There are three excellent ways to avoid or at least reduce spam. The first is to make your IT people responsible for anti-spam maintenance, including upgrading your firm’s firewall, Internet servers, users’ rules wizards, switches, routers and routing tables. But be aware that this can be a fulltime job that distracts your technical staff from directly supporting users.

The second way is to acquire a good third-party service provider. Each anti-spam company has its own methods of protecting your firm against spam. But at the heart of what they all provide are filtering procedures that divert suspicious mail to a separate inbox that you can scan at your leisure. You can adjust your level of screening and identify specific individuals or companies from whom you do not wish to receive information. The result is more legitimate e-mail messages coming in, less of the kind you don’t want being screened out. And since spammers never stop coming up with new ways to infiltrate your network, anti-spam companies never stop working to improve and increase the capabilities of their product.

And the third line of defense, naturally, will always be your own employees. Educate them in anti-spamming. For example, encourage them to treat their user addresses with the same reverence as their credit card numbers. Explain that whenever they provide an address, they risk its being shared or sold. Also, direct them always to report suspicious, annoying, or offensive e-mail messages. Complacency about spam, as about other annoyances, only perpetuates the problem.

For foreseeable future, spam is a fact of business (and personal) life we must all abide. But you can at least minimize it at your firm with an anti-spam service provider, IT vigilance and user education.

Me, I prefer my SPAM to be the smoke flavored kind.

About our author . . .

Jim McKenna is Technology Services Manager at Morrison Foerster LLP in San Francisco and currently serves as the Regional Vice President for ILTA’s Northern California Region.  Jim can be reached at (415) 268-7543 or by e-mail at jmckenna@mofo.com.