Developments of Note

A Virginia appeals court rejected all jurisdictional and constitutional issues raised by a defendant given a nine-year sentence under the Virginia anti-spam law. Jaynes v. Commonwealth of Virginia, No. 1054-05-4 (Va. Ct. App. Sep. 5, 2006). The court rejected the argument that the defendant was not properly charged under Virginia criminal law, concluding that the defendant's actions in sending thousands of e-mails to America Online subscribers necessarily meant that the messages had to pass through AOL e-mail servers located in Virginia, within the jurisdiction of the Virginia trial court. The court also rejected several federal constitutional arguments, ruling that the anti-spam statute, which criminalizes intentional falsification of a sender's identity to gain access to a service provider's network, 'prohibits trespassing on private computer networks through intentional misrepresentation, an activity that merits no First Amendment protection.' The court further ruled that the statute did not violate the federal Dormant Commerce Clause, finding that the statute protected a legitimate state interest, and that the requirement that an e-mail sender not provide false transmission information is not an undue burden on interstate commerce.

Three new measures aimed at protecting consumer privacy and preventing identity theft were recently signed into law in New York: S.6723/A.12033, S.6909C/A.10067D and A.891F/S.5005F. The Consumer Communication Records Privacy Act (S.6723/A.12033) prohibits the sale, fraudulent transfer, or solicitation of a consumer's telephone records without consent from the consumer. S.6909/A.10076D places limits on the use of Social Security Numbers (SSNs) by: 1) prohibiting the intentional communication of an individual's SSN to the general public; 2) restricting businesses' ability to print an individual's SSN on mailings or on any card or tag required to access products, services, or benefits; 3) prohibiting businesses from requiring an individual to transmit his or her encrypted SSN over the Internet; and 4) requiring businesses that possess SSNs to implement appropriate safeguards and limit unnecessary employee access to SSNs. Finally, A.891F/S.5005F amends the New York Penal Code to clarify the application of the computer-crime law to malicious spyware, adware and computer viruses.

A group of entities and individuals charged by the FTC with placing harmful spyware and deceptive spyware on consumer computers have agreed to a $2 million fine and a permanent injunction to settle the charges. FTC v. Enternet Media, Inc., No. CV05-77777CAS (C.D. Cal. settlement filed Aug. 23, 2006). According to the FTC's complaint, the Web sites of the defendants and their affiliates caused installation boxes to pop up on consumers' computer screens, offering a variety of freeware downloads; in some cases, the boxes warned that consumers' Internet browsers were defective and offered free browser upgrades or security patches. The downloads, the FTC alleged, infected consumer computers with spyware that was difficult to remove and interfered with the functioning of the computer by changing home page settings, inserting new toolbars and browser windows, and displaying pop-up ads even when consumers' Internet browsers were not activated.

Virginia Appeals Court Upholds
Anti-Spam Conviction, 9-Year Sentence

A Virginia appeals court rejected all jurisdictional and constitutional issues raised by a defendant given a nine-year sentence under the Virginia anti-spam law. Jaynes v. Commonwealth of Virginia, No. 1054-05-4 (Va. Ct. App. Sep. 5, 2006). The court rejected the argument that the defendant was not properly charged under Virginia criminal law, concluding that the defendant's actions in sending thousands of e-mails to America Online subscribers necessarily meant that the messages had to pass through AOL e-mail servers located in Virginia, within the jurisdiction of the Virginia trial court. The court also rejected several federal constitutional arguments, ruling that the anti-spam statute, which criminalizes intentional falsification of a sender's identity to gain access to a service provider's network, 'prohibits trespassing on private computer networks through intentional misrepresentation, an activity that merits no First Amendment protection.' The court further ruled that the statute did not violate the federal Dormant Commerce Clause, finding that the statute protected a legitimate state interest, and that the requirement that an e-mail sender not provide false transmission information is not an undue burden on interstate commerce.

Three new measures aimed at protecting consumer privacy and preventing identity theft were recently signed into law in New York: S.6723/A.12033, S.6909C/A.10067D and A.891F/S.5005F. The Consumer Communication Records Privacy Act (S.6723/A.12033) prohibits the sale, fraudulent transfer, or solicitation of a consumer's telephone records without consent from the consumer. S.6909/A.10076D places limits on the use of Social Security Numbers (SSNs) by: 1) prohibiting the intentional communication of an individual's SSN to the general public; 2) restricting businesses' ability to print an individual's SSN on mailings or on any card or tag required to access products, services, or benefits; 3) prohibiting businesses from requiring an individual to transmit his or her encrypted SSN over the Internet; and 4) requiring businesses that possess SSNs to implement appropriate safeguards and limit unnecessary employee access to SSNs. Finally, A.891F/S.5005F amends the New York Penal Code to clarify the application of the computer-crime law to malicious spyware, adware and computer viruses.

A group of entities and individuals charged by the FTC with placing harmful spyware and deceptive spyware on consumer computers have agreed to a $2 million fine and a permanent injunction to settle the charges. FTC v. Enternet Media, Inc., No. CV05-77777CAS (C.D. Cal. settlement filed Aug. 23, 2006). According to the FTC's complaint, the Web sites of the defendants and their affiliates caused installation boxes to pop up on consumers' computer screens, offering a variety of freeware downloads; in some cases, the boxes warned that consumers' Internet browsers were defective and offered free browser upgrades or security patches. The downloads, the FTC alleged, infected consumer computers with spyware that was difficult to remove and interfered with the functioning of the computer by changing home page settings, inserting new toolbars and browser windows, and displaying pop-up ads even when consumers' Internet browsers were not activated.