The Utah bill was sent to the governor's desk less than forty days after being introduced and with little industry involvement. While the Utah legislature certainly deserves high praise for recognizing and responding to a serious consumer privacy issue, unfortunately their rush to adopt the nation's first spyware law resulted in definitions so broad that it prohibits legitimate as well as pernicious Internet activities. A coalition of companies from AOL to Yahoo! quickly recognized the detrimental ramifications and have mobilized against the law; pointing out that the law's broad definitions would ensnare legitimate practices such as upgrade or reminder notices, impede Internet security efforts and clog the Internet with a wave of consumer notices. In addition, by providing statutory damages of $10,000 per incident, the legislature has guaranteed a litigation frenzy that will dwarf the deluge caused by the state's spam law (which was also passed during an election year).
This brings us to the blind men and the elephant who concluded the elephant was a wall, a spear, a snake, a tree or a fan, depending on what part it touched. Last year, I spoke with a number of Congressmen, state legislators and their staffs on the many spam bills under consideration and discovered that many actually knew very little about the email marketing industry they were attempting to regulate (although one legislator was all too willing to discuss some of the racier emails he received) - including some of those leading the charge for spam legislation. This was all too evident in California's spam law - which even its author conceded was flawed - that would have effectively shut down email marketing in California. History may repeat itself since the spyware crusade is being led by some of the same state legislators who missed the mark on spam legislation.
Fortunately, the FTC is hosting a forum on spyware and Congress is likely to follow up with further hearings on spyware and pending federal legislation. Hopefully, this will increase understanding of the issues involved in regulating spyware and elevate the debate beyond "spyware is bad." Perhaps most importantly, given the absence of definitive and foolproof geographic segmentation on the Internet, any solution must by necessity be at the federal, or even international, level.
Of course, another reason for resolving this issue at the federal level is because the Constitution gives the authority to regulate Internet commerce to Congress. Utah's attempt to regulate the entire World Wide Web far exceeds its authority under the Constitution. Similar state attempts to regulate the entire Internet have been found unconstitutional. For example, in American Library Association v. Pataki, the court struck down a New York law finding that the state had "deliberately imposed its legislation on the Internet and, by doing so, projected its law into other states whose citizens use the Net. This encroachment upon the authority which the Constitution specifically confers upon the federal government and upon the sovereignty of New York's sister states is per se violative of the Commerce Clause."
This brings us to the final axiom. There is no political downside to passing a popular law that may be found unconstitutional. Passing the law generates immediate positive publicity, (in an election year no less) while any legal challenge could take a year or more to reach a final resolution. Should the court invalidate the law, consumers will not fault the legislature for trying and will most likely focus their frustration on the courts.
The Utah legislature should be commended for making spyware the hot technology issue for 2004 and forcing our industry and Congress to address a serious issue. With Congressional hearings having just begun, and the FTC forum just around the corner, a meaningful solution to this problem may be within reach-but this should only be after due deliberation and input from all those with an interest in the legislation.
Bennet Kelley is Vice President of Legal & Strategic Affairs for Hi-Speed Media, Inc., a ValueClick company.