Email

Document Sample
Email Powered By Docstoc
					Email: Opportunities
    and Pitfalls
Al Iverson, Director of Deliverability
Wh o am I?
    AL IVERSON
    Director of Deliverability for
    Email Service Provider ExactTarget
    aiverson@exacttarget.com

    Active blogger since 2000
    See www.spamresource.com

    My career focus has been on anti-
    spam, email marketing, and
    network security
Age nda
 •   Who is ExactTarget?
 •   What do I do for ExactTarget?
 •   What we tell clients
 •   CDA, CAN-SPAM, ECPA
 •   Stebbins v. Wal-Mart
 •   Omega v. Mummagraphics
 •   TCPA, SMS, etc.
 •   Recommended Reading
Dis claimer
 • I’m not a lawyer.
 • My expertise is related to helping clients send
   email marketing and transactional messages.
 • I’m not a financial services compliance expert.
 • Email use under Sarbanes-Oxley or Gramm-Leach-
   Bliley (etc.) isn’t my realm
 • What I can talk about is: Best Practices, CAN-
   SPAM, CDA, etc.
 • You want to learn more about privacy law?
   Consider Annual PLI Event: http://goo.gl/HS7HA
WHAT DOES EXACTTARGET DO?
WHAT DOES EXACTTARGET DO?
WHAT DO I DO FOR EXACTTARGET?


 •Policy compliance leader @ ExactTarget.
 •Staff of 13. Six are policy compliance focused.
 •In this context, policy compliance means sending
  permission-only email (not spam) and sending
  only legally compliant mail.
 •We terminate an average of one client
  every 30-60 days.
 •We temporarily suspend 12+ accounts/month (re
  -enabled after compliance).
WHAT WE TELL CLIENTS

 • Email is a great tool for
   transactional messaging and         Me?
   remarketing
 • It is tricky to do prospecting
   properly via email
 • Buying lists is legal but lethal
 • The Yahoos, Hotmails, and Gmails
   of the world will happily block
   your mail even if it is legally
   compliant
 • Your ability to get email delivered
   is dependent upon your email
   practices
COMMUNICATIONS DECENCY ACT (1996)

 •   This is a very significant (probably the most influential) law which affects
     the internet! (says my internet friend Venkat Balasubramani)
 •   Original intent was to allow blocking of obscene / abusive / pornographic
     content, but much of it was gutted based on various court challenges.
 •   Section 230 is the important bit.
 •   No provider or user of an interactive computer service shall be treated
     as the publisher or speaker of any information provided by another
     information content provider.
 •   Section 230 is controversial because several courts have interpreted it as
     providing complete immunity for ISPs with regard to the torts committed
     by their users over their systems.
 •   And that is basically what it is: Yahoo user defames you, you have no
     case against Yahoo.
     http://en.wikipedia.org/wiki/Section_230_of_the_Communications_Decency_Act
CAN-SPAM (2003)

 • The US spam law that doesn’t actually outlaw spam (yay)
 • Requires that spam must be labeled as an advertisement
   (labeling not required if you have affirmative consent)
 • Requires easy unsubscribe option, postal address of sender
 • Prohibits deceptive headers (subject, from, etc.)
 • Indemnifies ISPs in their best efforts to block spam
 • Allows ISPs to set higher standards than “legal”
 • Yahoo blocks many millions of CAN-SPAM-compliant
   messages daily
 • This is the law that allows ISPs to require opt-in permission
   of email marketers.
CAN-SPAM: SERVICE PROVIDER INDEMNIFICATION

 • It’s nearly impossible for a wronged party to convince a
   judge that an ISP is legally at fault for blocking or filtering
 • Both CAN-SPAM & CDA provide immunity
 • CDA’s Good Samaritan provision covers this
 • CAN-SPAM Section 8(C) says “Nothing in this Act shall be
   construed to have any effect on the lawfulness or
   unlawfulness, under any other provision of law, of the
   adoption, implementation, or enforcement by a provider of
   Internet access service of a policy of declining to transmit,
   route, relay, handle, or store certain types of electronic mail
   messages.”
 • Spammers & bad guys challenge both regularly, to no avail.
CAN-SPAM: TRANSACTIONAL MESSAGES

 • Consent not required, unsub link not required
 • Definition of transactional message: Primary purpose rule
    •   to facilitate, complete, or confirm a commercial transaction that the
        recipient has previously agreed to enter into with the sender
    •   to provide warranty information, product recall information, or safety or
        security information with respect to a commercial product or service used
        or purchased by the recipient
    •   to provide notification concerning a subscription, membership, account,
        loan or comparable ongoing commercial relationship involving the ongoing
        purchase or use by the recipient of products or services offered by the
        sender
    •   to provide information directly related to an employment relationship or
        related benefit plan in which the recipient is currently involved, participating,
        or enrolled, or
    •   to deliver goods or services, including product updates or upgrades, which
        the recipient is entitled to receive under the terms of a transaction that the
        recipient has previously agreed to enter into with the sender
BEWARE: PII IN TRANASCTIONAL MESSAGES

 • Should you be putting personally identifiable information
   (PII) into email messages? My opinion: NO
 • Instead: Email notice telling consumer to login to website
 • Include only minimal personal information in messages
 • Email is not a secure mechanism
 • Consumers often typo addresses
 • ISPs often repurpose typo or retired addresses into special
   “spamtrap addresses” to feed directly into filters
 • This data can be widely disseminated
 • ISPs notice and raise concerns over transactional messages
   appearing to contain PII
 • What can happen? See http://goo.gl/541Gi
ECPA – ELECTRONIC COMMUNICATION PRIVACY ACT

 • Rarely seems to be raised in the marketing realm, except in
   ineffective claims brought by spammers against ISPs who are
   blocking them (search Google for “Holomaxx”)
 • Interception/tampering case, see
   Mortensen v. Bresnan Comm (2010)
   http://goo.gl/zTngO
 • Wikipedia is a good place to start for an overview of the law:
   http://en.wikipedia.org/wiki/ECPA
 • What about California Invasion of Privacy Act (CIPA) for
   “wiretapping my email” claims?
   It feels like a long shot. http://goo.gl/ou76r
STEBBINS V. WAL-MART (2011)

 • Notice to companies: My name is David Anthony Stebbins, and I
   live in Harrison, AR. I am sending a link to this webpage to various
   companies to put you on notice. If you contact me in any way,
   shape, or form, you hereby acknowledge that you have read,
   understand, and agree to be legally bound by the terms below.
 • HAHA, YOU EMAILED ME BACK, YOU HAVE ENTERED INTO A
   CONTRACT ON MY TERMS.
 • Court disagreed.
 • I deal with this a lot with spam complaints. “By sending me this
   email you agree to my terms to pay me $500 per email etc.”
 • Um, no, doesn’t work that way. Court affirms.
 •   http://blog.ericgoldman.org/archives/2011/04/acknowledging_r.htm
OMEGA V. MUMMAGRAPHICS (2006)

 • The beginning of the end for anti-spam plaintiffs.
 • The plaintiff handled this so poorly, there are lasting negative
   effects impacting people who actually want to try to stop spam.
 • The court found US federal law (CAN-SPAM) pre-empts
   Oklahoma's anti-spam law.
 • False headers were immaterial because the emails were “chock
   full” of sender-identifying information.
 • “Trespass to chattels” requires real damages to be actionable –
   tragedy of the commons is a popular anti-spam “armchair lawyer”
   tactic – and now we know, it doesn’t work.
 • This 4th Circuit holding makes the very narrow and ineffective
   CAN SPAM law even more narrow and ineffective.
 •   http://blog.ericgoldman.org/archives/2006/11/fourth_circuit_1.htm
TCPA: Telephone Consumer Protection Act of 1991

 - Multiple, recent suits filed over text messages allegedly sent
   confirming a party’s opt-out request
 - Allege that these messages constitute unauthorized use of
   “automated telephone dialing systems” under 47 U.S.C. §
   227(b)(1)(A)(iii) (even though ATDS in fact not used)
 - Lawyer-driven cases (opt in, opt out and lawsuit all in less than a
   month)
 - Ibey v. Taco Bell Corp., Case No. 12-CV-0583-H (S.D. Cal. June 18,
   2012)
 - TCPA does not impose liability for a single confirmatory text
   message
 - Insufficient allegation of use of an ATDS
 - See also Joffe v. Acacia Mortgage Corp (2008)
RECOMMENDED READING

 • Eric Goldman's Technology & Marketing Law Blog -
   http://blog.ericgoldman.org/
 • Venkat Balasubramani's Law Blog Covering Electronic
   Communication - http://spamnotes.com/
 • Bloomberg E-Commerce and Tech Law Blog:
   http://www.bna.com/ecommerce-tech-law-blog/
 • Top 50 Internet & Digital Law Blogs -
   http://www.criminaljusticeusa.com/blog/2008/top-50-internet-
   digital-law-blogs/
 • DMCA
   http://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act
 • CDA Section 230 -
   http://en.wikipedia.org/wiki/Section_230_of_the_Communications_Decency_Act
    sti on s?
Q ue
       AL IVERSON
       Director of Deliverability
       aiverson@exacttarget.com
       http://twitter.com/aliverson

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:7
posted:9/22/2013
language:English
pages:19