SPAM REGULATION - S.B. 357 (S-4): COMMITTEE SUMMARY
sans-serif">Senate Bill 357 (Substitute S-4)
Sponsor: Senator Michael D. Bishop
Committee: Technology and Energy
CONTENT
The bill would create the Electronic Mail Solicitation Act to do all of the following:
-- Create the Electronic Mail Solicitation Program within the Department of Consumer and Industry Services (DCIS) and require the Program to maintain a list of e-mail addresses of people who did not want to receive unsolicited commercial e-mail.
-- Provide that the Program would be funded by registration fees paid by people on the list.
-- Require senders of unsolicited commercial e-mail to register with the Program and pay a fee.
-- Require senders to include a valid method for recipients to opt out of receiving future e-mails.
-- Require certain information to be included in an unsolicited commercial e-mail.
-- Prohibit a sender of unsolicited commercial e-mail from using a third party’s internet domain name or e-mail address without consent; or misrepresenting or failing to include information in identifying the point of origin or the transmission path of the e-mail.
-- Prohibit a person from knowingly selling, giving, or otherwise distributing or possessing with the intent to sell, give, or distribute software designed to facilitate or enable the falsification of e-mail transmission information or other routing information; or providing such software directly or indirectly to another person.
-- Require a sender of unsolicited commercial e-mail to establish and maintain the necessary policies and records to ensure that a recipient who notified the sender that he or she did not wish to receive future e-mails did not receive any e-mail from the date of notice.
-- Allow an e-mail service provider to design its software so that a sender of unsolicited commercial e-mail was notified of the bill’s requirements each time the sender requested delivery of e-mail.
-- Prescribe criminal penalties for violating the proposed Act, and allow an e-mail service provider or the Attorney General to bring a civil action against a violator.
Under the bill, “unsolicited” would mean without the recipient’s express permission. An e-mail would not be unsolicited if the sender had a preexisting business or personal relationship with the recipient, or if the e-mail were received because the recipient opted into a system in order to receive promotional material. (“Preexisting business relationship” would mean that there was a business transaction between the initiator and the recipient of a commercial e-mail message during the 10-year period preceding the receipt of that message. The term would include a transaction involving the free provision of information, goods, or services requested by the recipient.) “Commercial” would mean for the purpose of promoting the sale, lease, or exchange of goods, services, or real property.
Do-Not-E-Mail List
The proposed Electronic Mail Solicitation Program would have to be administered by the DCIS or a program manager selected by the DCIS from the private sector. The Program would have to be fully operational by January 1, 2004, or 90 days from the bill’s effective date, whichever was later. The Program would have to maintain a list of e-mail addresses of people who did not want to receive unsolicited commercial e-mail.
A person who registered for the list would have to pay up to $5 for each address registered, and a business with 30 or more e-mail addresses could make a single registration and pay a maximum fee of $150. The Program would be funded completely from the registration fees. A registration would be for a period of at least three years, at which point a person could renew the registration by paying the fee again.
The Program would have to update the list at least every 30 days. It could not release to another person information concerning people or provide access to addresses on the list. The list would not be subject to the Freedom of Information Act and could not be sold or used for any purpose other than meeting the requirements of the proposed Act.
The DCIS, in consultation with the program manager, could create specific categories of e-mail for which recipients who were minors could receive protection. A parent, legal guardian, or other person with authority or control over e-mail addresses to which minors could have access, could list an e-mail address under any of the categories to give notice that he or she did not consent to receive e-mail within that category. The categories would have to include products or services that a minor is prohibited by law from purchasing. E-mail senders would have to honor the categories, even if they had evidence of a preexisting business relationship.
A listing in the registry would put all e-mail senders on notice that unsolicited commercial e-mail could not be sent to a name on the list unless the sender had a preexisting business relationship with the recipient. The notice would alert senders that they had to comply with all provisions of law and were subject to the State’s jurisdiction when sending to addresses on the list.
Senders of commercial e-mail in Michigan would have to include a valid method to opt out of receiving future messages. A subscription to the registry and subsequent honoring of opt-out requests filed for the particular sender with the program manager would be considered an acceptable opt-out method.
A person who sent unsolicited commercial e-mail to an e-mail address in this State would have to register with the Program and pay an annual fee, as determined by the DCIS. A sender would be required to remove from its mailing list addresses that appeared on the registry if the parties did not have a preexisting business relationship, if the type of mail the person planned to send were within one of the categories the recipient had opted out of, or if the e-mail holder had opted out of the specific sender’s mailing list. A sender would have to update its list every 30 days with the latest available copy of the registry.
If a person sent an unsolicited commercial e-mail without first verifying the recipient’s e-mail address against the registry, the sending of the e-mail would be considered without the recipient’s consent and would be a violation of the proposed Act. A registered sender would have to establish procedures to ensure that no unsolicited commercial e-mail was sent to a registered recipient. The burden of proof that the sender had the recipient’s consent to send unsolicited commercial e-mail would be on the sender.
Required Information
A person who intentionally sent or caused to be sent an unsolicited commercial e-mail through an e-mail service provider that the sender knew or should have known was located in this State, or to an e-mail address that the sender knew or should have known was held by a resident of this State, would have to do all of the following:
-- Include in the e-mail a subject line containing “ADV:” as the first four characters.
-- Conspicuously state in the e-mail the sender’s legal name, correct street address, valid internet domain name, and valid return e-mail address.
-- Conspicuously provide in the text of the e-mail, in print as large as the print used for the majority of the e-mail, a notice that informed the recipient that the recipient could conveniently and at no cost be excluded from future e-mail from the sender.
The sender also would have to establish a toll-free telephone number, a valid sender-operated return e-mail address, or another easy-to-use electronic method that the recipient could call or gain access to by e-mail or other electronic means, to notify the sender not to transmit any further unsolicited commercial e-mail messages. The notification process could include the ability for the recipient to direct the sender to transmit or not transmit particular e-mails based upon products, services, divisions, organizations, companies, or other selections of the recipient’s choice. An unsolicited commercial e-mail would have to include, in print as large as the print used for the majority of the e-mail, a statement informing the recipient of a toll-free telephone number or valid return address the recipient could use to notify the sender not to transmit any further commercial e-mail messages.
Misrepresenting Information
A person who sent or caused to be sent an unsolicited commercial e-mail through an e-mail service provider located in Michigan or to an e-mail address held by a resident of Michigan would be prohibited from doing any of the following:
-- Using a third party’s internet domain name or e-mail address in identifying the point of origin or in stating the transmission path of the e-mail without the third party’s consent.
-- Misrepresenting any information in identifying the point of origin or the transmission path of the e-mail.
-- Failing to include in the e-mail the information necessary to identify the point of origin of the e-mail.
Additionally, a person could not knowingly sell, give, or otherwise distribute or possess with the intent to sell, give, or distribute software that was primarily designed or produced for the purpose of facilitating or enabling the falsification of e-mail transmission or routing information; had only limited commercially significant purpose or use other than to facilitate or enable the falsification of e-mail transmission information or other routing information; or was marketed by the person or another acting in concert with the person, with that person’s knowledge, for use in facilitating or enabling the falsification of e-mail transmission information or other routing information. A person could not provide such software directly or indirectly to another person.
Sender Notification
A sender could not send unsolicited commercial e-mail, either directly or through a third party, to a recipient who notified the sender that he or she did not want to receive future e-mails. A sender would have to establish and maintain the necessary policies and records to ensure that a recipient who notified the sender did not receive any e-mail from the date of the notice. The sender also would have to update its records at least every 14 business days.
The bill would allow an e-mail service provider to design its software so that a sender of unsolicited commercial e-mail would be notified of the requirements of the proposed Act each time the sender requested delivery of e-mail. The existence of the software would constitute actual notice to the sender of the Act’s requirements.
Penalties & Damages
A person who violated the proposed Act would be guilty of a misdemeanor punishable by imprisonment for up to one year or a fine of up to $10,000, or both. Each e-mail sent would be a separate violation. Additionally, all money and other income, including all proceeds earned but not yet received by a defendant from a third party as a result of the defendant’s violations, and all computer equipment, software, and personal property used in connection with a violation known by the owner to have been used in violation of the Act, would be subject to lawful seizure by a law enforcement officer and forfeiture by the State. The bill states that an e-mail service provider would not be in violation of the Act solely by being an intermediary between the sender and recipient.
An action could be brought by an e-mail service provider through whose facilities an e-mail was transmitted in violation of the Act or by the Attorney General. In each action, an e-mail service provider or the Attorney General could recover either actual damages, or the lesser of the following: $10 per unsolicited commercial e-mail, or $25,000 for each day the violation occurred. Additionally, a prevailing e-mail service provider would have to be awarded actual costs and reasonable attorney fees.
- Legislative Analyst: Julie Koval
FISCAL IMPACT
The bill would have an indeterminate fiscal impact on State and local government.
Revenue to the Program would depend on the number of individuals and businesses registered under the Program. Enforcement costs would depend on the number of violations under the bill. The Department of Consumer and Industry Services does not have an estimate regarding its administrative costs.
There are no data to indicate how many offenders would be convicted of violating the proposed Act. Local units of government would incur the costs of misdemeanor probation and incarceration in a local facility, which varies by county. Public libraries would benefit from any additional penal fine revenue collected.
- Fiscal Analyst: Maria Tyszkiewicz