Friday, 12 December 2003

Virginia launches felony spam prosecutions

Virginia's Attorney General, Jerry Kilgore, announced yesterday that his office has launched two prosecutions on felony charges related to sending spam. One well known spammer, Jeremy Jaynes, a.k.a. Gaven Stubberfield, was arrested in Raleigh, NC, where his alleged coconspirator, Richard Rutowski, negotiated his surrender to authorities. (The New York Times and Washington Post have coverage: NYT "Virginia Indicts 2 Under Antispam Law," WP "Virginia Indicts Two Men On Spam Charges.")

Much ado has been made of the federal CAN-SPAM Act's preemption of state spam laws, so let us compare a few features of the Virginia and federal statutes.

The crime defined under the Virginia law becomes a felony when the spammer sends more than 10,000 illegal messages in a day or 100,000 in a month. CAN-SPAM's bar is set much lower, requiring only 100 and 1,000 messages, respectively, to trigger felony penalties. The maximum prison sentence is 5 years under both laws, assuming that aggravating factors are present. Finally, the Virginia law permits a fine up to $2,500, whereas CAN-SPAM permits fines under Title 18 U.S.C., which can reach many times higher than $2,500.

In addition, the Virginia law requires that spam pass through the state. Unless an email is sent to a Virginia resident, it can be impossible to prove beyond a reasonable doubt that the message passed through the state's borders, unless it was handled and its header stamped by a mail server in that state. Virginia is more the exception than the rule in this area, as the home of America Online (AOL), the world's largest ISP. It is unlikely that any spam would not reach at least one AOL customer. The other 49 states would have a harder time proving this element of the crime. CAN-SPAM, on the other hand, is triggered when spam affects any "protected computer," as defined in 18 U.S.C. 1030(e)(2)(B): "a computer…which is used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States." That definition includes all computers that connect to the Internet.

Posted at 10:55:40 AM | Permalink

Trackback URL:
Topics: Cybercrime, Spam
Email this entry to:

Your email address:

Message (optional):

Powered by Movable Type