Attorneys answer questions about the Federal Trade Commission's email rules (last of three parts).

At iMedia's May Summit, attendees got an update on the latest FTC thinking about spam. The session, moderated by iMedia's Alan Gerson, featured Lew Rose, partner in the law firm of Collier Shannon Scott, and Reed Freeman, chief privacy officer of Claria Corp. Here is a transcript of their presentation. Follow along with the presentation slides here.

Audience Question: How many emails come into the FTC's "refrigerator"?

Freeman: The FTC gets upwards of ten million emails a day on its refrigerator, which it affectionately calls its server.

Audience Question: If they're getting that many emails, how do they determine who to go after?

Freeman: Here's the process. Two economists right now run the consumer protection side of the FTC and they are very careful only to bring cases where the use of the FTC’s resources go after the highest consumer harm, and may provide the best consumer benefit. They actually crunch the numbers and figure that out. So they have this huge database. They look for complaints, they look for dollars, they look for health and safety.

Gerson: Could you go over the rule-making process and how that works, because I think that's an important process people might want to contribute to.

Freeman: Well, there are going to be several different opportunities. They’re engaging in this sort of piece by piece. I had thought that they would do one big one, but no, they’re going piece by piece. They’ve already defined sexually explicit. They already took comments on primary purpose, but look for solicitation for comments on the FTC’s Web site. The FTC has a terrific Web site. Look on its Web site for requests for comment on the next thing, such as the do not email registry. 

Gerson: The rule-making process is really pretty interesting. They ask for comments, they publish the comments, then they respond to the comments, and then they ask for comments on their response to the comments. So it’s an ongoing process until they actually finalize the rules. Yes?

Rose: You’re right, there’s never enough that you can do. But there have been all sorts of opportunities to do it, whether it’s been in workshops the FTC has held. A lot of companies are going in to meet with the FTC outside of the rule-making process, before the rule-making process starts, and meeting with Michael Goodman and all the other lawyers there who are developing the rules and saying, "Here’s what’s on our minds; here are the good things we’re doing. Don’t change those, and get some agreement on that." And frankly, sending in emails to uce@ftc.gov is something that consumers can do that makes them feel somewhat empowered, although as I started with, it takes a half a million emails before the FTC brings a case, which is an enormous amount.

So what a lot of folks are doing is to actually walk in the bad apples, walk in evidence of who the bad apples are. The FTC really has a problem, because it’s really a very small agency. There’s probably in all the FTC five or six people full time working on unsolicited email. It’s an enormous problem, and they just really don’t have the resources, so you really almost have to do all their detective work for them in trying to identify the culprits and AOL and companies like that really have been very, very proactive in going in and identifying exactly where the strain on their servers is coming from. The ISPs really are probably in the best place to do that.

Audience Question: Will the FTC really help you with this if you walk in?

Rose: I think right now, when you go to the government and try to ask them for help, they’re saying, "Hey, we’re swamped on do-not-call list," the FTC's telemarketing rule -- which is the most popular thing they’ve ever done --  and then "We’re very, very busy on doing these rules." So I think there’s no substitute for going in, literally, calling up the staff lawyer and physically going in and meeting them. You could go with your local state attorney general, preferably somebody who’s elected instead of nominated, and get those people interested. Those are the kinds of folks who would be interested, particularly for these companies who are here, who have a large number of employees, all of whom vote. You know, all these attorney generals want to be the next governor, and I think that’s probably where you’re going to get most of your relief. They can operate a lot quicker, and frankly, they can operate to protect the legitimate businesses that are in their own home states.

Audience Question: Rob Key, Converseon. I have a question on the affiliate side, because I think that’s a really interesting area. If a merchant goes through the process, or an advertiser goes through the process of merging and purging their lists and they make their affiliate send them their do-not-send list and it’s purged, etc. but then the affiliate still goes ahead and does an email on their behalf and it’s spam -- if an advertiser has gone through that process, a credible process to help ensure that they’re in compliance, does that protect them? 

Freeman: Sort of. Here’s the practical answer. The standard is: Would you reasonably know that the person has done this? In the example you give, you have no idea. There are rules in place, you scrub, but nevertheless, they go out and do it. The answer is, if they do it once, fine, but if they do it repeatedly and you have complaints in your system from consumers saying, "What the heck is going on?" and there’s any evidence that shows that you knew, even if you didn’t know yourself but one of your reps did, the answer is that you would be liable. Affiliate marketing is the single most aggressive way to go about marketing. It’s very profitable, but the affiliate model is under severe attack. They assume that if you have an affiliate program, you must be trying to hide from something. 

Audience Question: I know you mentioned that it took 500,000 complaints before there is actually anything done. That's an impossible task. Because any true spammer can set up multiple servers, they can have different creative executions, you know they can have ten different ads about Viagra, by Viagra, Viagrapher, Viagren, etc., and you can basically have all these phantom companies set up.

Freeman: Yes.

Audience Question: And then not only that, but there has to be over 500,000 people complaining about one email. It’ll never happen. 

Freeman: Think about the interests here. It’s all about the interests of the various potential plaintiffs. The Federal Trade Commission is trying to go after the most consumer harm, so leave them aside, OK? They’re going to go after the biggest guys who cause the most harm, at least initially. The ISPs don’t care about any of that. They want their servers unclogged, so they’re the ones with the incentive to figure out that kind of scheme and put a stop to it. They have a cause of action under the Act, and they so far have been the most aggressive plaintiffs. If fact, in this case in New York in December, it was a joint effort by Microsoft and the New York attorney general -- how about that for a pair -- in bringing the case, and it was Microsoft that did all the investigative work, and the reason is it had the resources and the incentive. 

Audience Question: Hi. Chris Neuner, Greater Than One. Much like the affiliate model, much of my liability is with third-party publishers, and when I do a campaign with them, or let’s just say a separate data base with a third-party publisher, like Max Worldwide, or something like that, I might schedule a campaign with them and at the same time, I have a database where somebody’s opting out. I think the rule is there’s got to be 30 days or something along those lines, or actually, maybe I’ll ask you -- what is the rule about a suppression list?

Freeman: You’re mixing up telemarketing and spam. In telemarketing, starting in January of 2005, you have to scrub your list against the national list every 30 days. For CAN-SPAM, there is no such rule. For CAN-SPAM, the number is 10 days, and that's from the perspective of the consumer, not you. You have 10 days from the day the consumer opts out to take the consumer off your list and not send him or her email.

Audience Question: OK, so let’s say 10 days. However, I’m doing a campaign through a third party. That person has opted out on my database, but could I still email that user? 

Freeman: No, not if you’re a sender. 

Audience Question: Then the correlation between my opt-out and the third party’s opt-out has to be 10 days as well? 

Freeman: Yes, that's what the FTC says and the states will take the position that you’ve got to do your scrubbing. If you have multiple campaigns and your list is copied from here to there, you’ve got to scrub against your opt-out list, the version of your opt-out list, the day before or nine days before the campaign. They’re serious about that, and that is one of the things that we will see enforced strongly in the near term. The FTC is permitted to issue a comment, a rule-making, regarding the 10-day period. They can extend it if they want to, and this is one of the things Lew was talking about. If you have a practical reason why that just can’t be done, notwithstanding your best intentions, you should be going in to see Michael Goodman at the FTC and sit down with him. 

Gerson: Government is the triumph of form over substance. I know from experience other agencies that go into them and try to get them to understand the practicalities -- the staff of the agencies actually do want to understand what the heck’s going on. 

Rose: Right, and the time to do that is now, before the FTC issues its Federal Register Notice, which proposes a whole scheme because frankly, although they’re accepting comments on that and they may change it around the margins, they are sort of wedded to what they did, because they’ve already written a memo that sort of explains it all, and it’s gone up to all the political appointees. By the middle of June, they’ll probably have some proposal floating, so the time to act is now.