The Internet, or, more accurately, email, has spawned one of the greatest nuisances of our time, “spam”. Conservative estimates are that 100 million people receive at least one spam email. It is also estimated that somewhere between 50 percent and 70 percent of all email messages are spam. As you will see, quantifying the cost of spam email is difficult, but even conservatively the cost to lost business must be in the billions, rather than millions, of dollars. Hardly suprising then that anti-spam advocates want to see anti-spam criminal laws enacted around the world.
What is spam and how can it be a cybercrime?
Before we can really discuss whether or not spamming should constitute an offence in criminal law it may be helpful if we try and quantify exactly what “spamming” is? It would also be helpful if we knew exactly what constituted a “cybercrime” and how spamming would fit in with such a criminal offence, if one even exists.
Ask two people to define “spam” e-mails for you and you are almost certain to get two different answers. Chances are, however, that both will agree that spam e-mails are “unsolicited e-mails”. From that point onwards, people’s opinions diverge. Some argue that spam e-mail are “unsolicited advertisements for products or services”. While this may sound like a nice catchy definition of spam, it is also somewhat misleading. Spam can be a lot more than merely an advertisement for products and services. It’s eminently possible to receive spam mail that actually doesn’t advertise either a product or service. For this reason, an alternative is needed and none better can be found than “An unsolicited e-mail from which the sender is attempting to gain an advantage (commercial or otherwise) and which the recipient neither asked for nor wanted”. For reasons set out below, it is the addition of an unwanted that can become all important when we consider whether or not spamming should constitute an offence in criminal law.
Having defined “spam” and “spamming”, we now need to determine what constitutes a “cybercrime” in order to be able to determine whether or not “spamming” should be considered an offence in law.
Unlike the definition of spam, there appears to be broad consensus that the definition of cybercrime constitutes “a criminal activity committed on the Internet”. Again, for the purpose of the article, the criminal activity element in the definition of cybercrime is going to be important in deciding whether or not spamming constitutes a cybercrime or merely a time massacre.
Spamming and the law – the problem
Despite costing industry billions of dollars a year in lost earnings, almost immediately the first problem you come across when considering whether or not spam e-mailing should constitute a criminal offence is exactly how you criminalize it? In other words, exactly what kind of criminal activity has taken place? If we look to old legislation and case law, we could argue that e-mail spamming should be treated in the same manner as junk mail. After all, they share many of the same elements. Nevertheless, even here we an important distinction – in the case of junk mail it is the sender who is bearing the cost of the mail being sent; whereas in the case of spam e-mails it is the recipient who is paying the cost of the mail being sent, through higher operating costs from their Internet Service Provider (“ISP”).
Whenever the law has a problem categorizing an offence, criminal law usually reverts back to antiquated legislation that fits the modern crime. Here, in the case of spam e-mails, a popular line of attack has been to label spam emails as an offence of trespass. Certainly as far as the ISP is considered, a case for trespass could be made, but does this still hold true for the recipient? Can a recipient’s mail-box be trespassed? If so, why should junk mail not attract the same treatment?
Why does it even matter anyway? – the case for criminal law legislation
The ethos of any criminal law is that it protect society from dangerous citizens while punishing those who do not conform to that society’s norms and morals. With our penal system already overflowing, and with millions being spent on building new jails, valid questions may well be asked as to exactly why we need to consider having legislation in place that needs to criminalize the nuisance of spam e-mails.
Advocates for including spamming within the realms of criminal law will tell you that not only is it losing business billions a year, but it is also clearly very dangerous. In most cases it also almost certainly involves one of the principal elements of any criminal behavior, the intent to cause another harm.
This can most probably be best shown by looking at few example of spam e-mails that each of us will have experienced:
1. when opening your e-mail inbox you notice that there is an advertisement for drugs. As it happens, this is exactly the type of drug you need to take regularly. Even better, the price of the advertised medicine is significantly cheaper than what you are currently paying at you local pharmacy. Nothing wrong in that, is there?
Well actually, yes there is. In most cases the drug being advertised, if sent to you at all, will have been manufactured in a country where the manufacturing process is much cheaper than where you currently live. Hence the fact that it can be sold at such a discounted price. However, it is highly unlikely that the distribution of this drug will have been approved by the Food and Drug Administration. Moreover, the seller of the drug knows this. In short, the intent aspect of a criminal offence has taken place. And, if you were to take the drug and die, a criminal offence would have occurred.
2. you open up your e-mail in the morning to see an e-mail from someone you do not know asking you to assist them in extraditing some of their money in return for which you’ll be given a large commission. On answering the email you will be asked for a “small” deposit as a sign of good faith. No harm done, right?
Well, yes, there has/will be. This is the famous Nigerian 419 scam, so-called because it reflects the relevant section of the Criminal Code of Nigeria, and victims of this fraud of been defrauded millions. Only recently a victim of the Nigerian 419 scam was defrauded $2.1 million. You may argue that the person was greedy and knew they were likely breaking the law themselves, and you would have a point. However, the unsolicited spam e-mail was sent with one intent and one intent only, to defraud the recipient of the email out of their savings. Thus it is a criminal act and there should be criminal law to reflect this.
3. you open up your morning email to find out that your bank has sent you an urgent email that there is a problem with your bank account. By return email you must provide the bank with certain financial information and all the problems can then be cleared up.
Nothing wrong here, the bank was just doing its job! Actually, again, yes there is. This type of crime has exploded so rapidly in the last few years it has even spawned new vocabulary into the English language – “phishing”. Phishing is especially nasty in that not only does it defraud people, it defraud those vulnerable people in society who are trusting. Exactly the section of society for whom criminal laws are supposed to protect.
Each of the examples above are examples of some of the more prevalent types of spam emails each of us receives each day. Each also clearly shows why there is a strong case that spamming is not merely a time massacre, but constitutes something much more sinister – a cybercrime.
It’s all free speech – the case against criminal law legislation
Most opponents of a move to criminalize the act of spamming argue that to do such would be to impose on our right to free speech. As the use of the Internet, which would include the sending and receiving of emails, as an unregulated domain where free speech is allowed to foster is critical to most supporters of the Internet, this argument is both a powerful one and one certainly worth consideration.
Any discussion about the Internet, spamming and free speech will centre on two cornerstone issues: (a) what is the content of the spam email; and (b) what is the forum by which the spam email has been disseminated.
Most of us would agree that a right to free speech would agree that the right to free speech is not an absolute right per se. Obviously there must be certain limitation on our right to free speech. For example, any spam email that contains content which is clearly bigoted, sexist, racist or inflammatory would constitute a crime nearly every jurisdictions criminal law system, and this should not be any different just because we are on the Internet. These are fundamental ethos that reflect mankind’s moral code and thus should be regulated. Thus, should you send a spam e-mail that contains material which is clearly bigoted, sexist, racist or inflammatory then such spam e-mail should be a breach of criminal law. Here you would even find support among those who argue that criminalizing spam e-mails is an infringement of our right to free speech. Unfortunately, however, ninety percent of all spam e-mails contain none of these; thus no crime, per se, is being committed. After all, would an e-mail from a government agency warning of an impending disaster to unregistered recipients constitute a spam e-mail or a useful dissemination of information?
The fora by which a spam e-mail is sent is almost as important as its content. Here the discussion centers on whether or not the fora by which the spam has been sent constitutes a public message or a private message. Clearly established law states that a forum is public if (a) that forum is used for assembly and expression; and (b) the forum’s principle purpose is to allow the exchange of ideas. In such case you would be in a public forum. Thus, the likes of a website forum may constitute a public forum, if such was clearly designated as such. Email accounts, however, would not fulfill either of these tests, let alone both. Therefore, e-mail accounts are clearly a private forum. Or so free speech advocates would argue. However, the limited legislation in place would differ here. In the eyes of the law, spam email is not necessarily an offence against the recipient of the spam email itself, but is more a crime against the ISP provider, against whom the crime is being committed and which, clearly, is public. As such, here the advocates of both camps differ on a fundamental issue of ideology as to whether any criminal law should be an offence against the end receiver of the spam email, namely you – as it’s your email account to which the spam email is being sent -, or the ISP provider, who acts as the deliver of the email in much the same manner as a postman delivers junk mail. And, this analogy is important, because do we penalize junk mailers in criminal law for the additional burden they place on mailmen for having to deliver waste of time junk mail? No, we do not. So why do we feel the need to protect ISP providers in criminal law in a similar manner?
Clearly then both supporters and opponents of the campaign to legislate spam email into criminal law have very strong fundamental beliefs, both of which have their merits.
The law and spam email – where are we now?
As is the case whenever the law and technology converge, the law always comes of second best. By its very nature, legislating against an act is a time consuming process. Even fast-track laws can take up to two years before they become enacted. Technology, however, is vibrant, changing and developing almost daily. As such, even the best intentional of law regulating technological developments will be dated. This applies equally to criminal law legislating against spam e-mails as it does to any other technological related issue. As soon as you criminalize the manner in which spam emails are sent, and the spam emailers will have found and alternative means of sending the email that does not fall foul of the law. As such, in order to consider spam email as an act in criminal law you need to concern yourself more on what the contents of the spam email are, rather than the manner in which the mail is sent. And this is why trying to define spam email is of paramount importance – something we have not managed to do despite the first known recorded occurrence of spam email happening in 1994*, in the days when the Internet, at best, was in its infancy.
Today most jurisdictions have some form of legislation against spam emailing. In the United States, probably the most develop jurisdiction when it comes to legislating against spam emailing, this legislation is enshrined in both state and federal law. Nevertheless, importantly, this legislation is not, per se, criminal law. In most instances, legislation against spam emailing is a civil action, not criminal. Thus, a penal sentence is extremely unlikely.
Notwithstanding the fact that legislation against spam emailing does not necessarily principally exist itself, the law is very diverse and, as mentioned earlier, it is often the case that you can apply old laws to new events. Spamming emailing is not different here. As free speech advocates will have us know, criminal law sanctions against email spamming already exists – it is both an act of trespass and an act of conversion. Again, this is why it is crucial that we revert back to the a sensible definition of “spam emailing”. Because, without an aspect of an “unwanted”, trespass, as a criminal act, would be difficult to establish at law. For no other reason, this is why we need to include, in any definition of spam email, the unwanted element.
Throughout this article we have tried to evaluate whether or not the act of spam emailing should constitute an offence in criminal law or whether it should merely be an act of nuisance. Whenever we discuss this subject, important, we need to consider two important issues: (a) should the act of nuisance constitute a criminal act?; and (b) should we legislate against the last frontier of man, the Internet?
Since the dawn of time man has, in one form or another, legislated against acts of nuisance. Thus, clearly the answer to (a) is that “yes” we should be legislating, in criminal law, the offence of spamming; especially so where such spam emailing shows intent. Regardless of this, the answer to (b) is far more complex, because, as with space, the Internet is without boundaries. And herein lies the crux of attempting to make spam emailing a crime in criminal law, if we wish to do this we need to ensure the act is consider an act in criminal law global, not locally.
And before we can do any of that, we still need to decide how we define what spam emailing is.
*The first recognized commercial use of spam emailing is recorded as being March 5, 1994 when Laurence Canter and Martha Siegel made use of bulk Usenet posting to advertise their legal services. Somewhat ironic that two lawyers have spawned a discussion as to whether or spam emailing sound constitute a criminal act.