On the CAN-SPAM Requirement for Labeling of Emailed Sexually Explicit Content

In December 2003 the US Congress passed the "Controlling the Assault of Non-Solicited Pornography and Marketing Act" otherwise known as "CAN-SPAM" [1]. Among other provisions of this act were requirements that the Federal Trade Commission (FTC) prescribe a mark to be used to identify sexually explicit content in email, and that FTC also prescribe a "plain brown wrapper" such that emailed sexually explicit content would not be immediately viewable to a recipient.

As a contributor to several of the specifications for email protocols that are used on the Internet, I was (and am) concerned about the problems that could result when the US Congress and the FTC start trying to modify those protocols, or specify uses of those protocols that are not consistent with their design or intended use. I also thought that because of that background, I might be in a good position to influence the FTC's deliberations in a constructive matter. Accordingly, when the FTC issued a Notice of Proposed Rulemaking (NPRM) [2] to require commercial-oriented sexually explicit content to contain "SEXUALLY-EXPLICIT-CONTENT:" in the Subject line, and to require a "plain brown wrapper", I submitted lengthy comments [3] in response. Basically the intent of my response was: (a) to get them to better understand the technical implications of what they were proposing and (b) to get them to improve their proposal so that it would have fewer undesirable effects on the mail protocols. A secondary intent was to get them to understand the impact of their proposal regarding First Amendment concerns. On April 13, 2004 the FTC issued the Final Rule [4], modifying title 16 of the Code of Federal Regulations part 316. This essay is essentially my reaction to the Final Rule.

1. I'm pleased that they took my comments seriously. The Federal Register text introducing the Final Rule cites those comments at least sixteen times. I tried to phrase my comments in a way that recognized the FTC's burden to craft a compromise between the intent of Congress, the legitimate interest of the public to avoid being confronted with lots of sexually explicit advertisements, and First Amendment case history. I also tried to explain the technical considerations in such a way that they could be understood by nontechnical people. Finally I tried to structure the comments in such a way that they were logical (maybe like a legal argument, though I have no experience with these) and easily referenced. After reading the other comments that people submitted [5] I was worried that perhaps my comments were too lengthy, but it's obvious from the Federal Register text that they read them carefully and gave them careful consideration.

2. I'm pleased that the Final Rule shortened the mark used to denote sexually explicit content from "SEXUALLY-EXPLICIT-CONTENT:" (as specified in the Proposed Rule) to "SEXUALLY-EXPLICIT:". I would have preferred an even shorter mark, but I'm glad that the FTC recognized that such a long mark would interfere with people's ability to choose whether, and when, to read messages based on their subjects.

3. I'm especially pleased that the Final Rule explicitly does not apply to any content in a message sent with the recipient's prior consent. I was concerned about the burden that the Proposed Rule might impose on legitimate traffic (e.g. by essentially requiring all messages that might be sexually explicit to be sent using different tools than other messages) and on mailing lists that might happen to forward such traffic. I still have some concerns about this, but the "prior consent" rule helps a bit. For instance, maybe I could say to my list subscribers:

Sexually explicit content is not appropriate for this list. Messages sent to subscribers of this list are automatically filtered to some degree, and some messages are manually reviewed before sending them to the list. However, there does exist some possibility that an occasional sexually explicit message will slip through. As a condition of subscribing to this list you consent to receiving any sexually explicit messages that are sent to list subscribers. If at any time you believe that we are not exercising appropriate care to prevent sexually explicit messages from being sent to the list you are free to complain to the list maintainer and/or unsubscribe.

4. I'm disappointed that the FTC declined to specify a standard, acceptable way of implementing the "plain brown wrapper" that would permit senders of sexually explicit content to include such content in the email message. Despite my attempts to explain this to them, I don't think they understood that due to a wide variation in email client behavior, there is no way to prevent any content that is included in an email message from being initially viewed by a user, while still making such messages viewable by all recipients. Such a message could contain a link to content on a web page, but not all mail user agents support HTML. In addition, sending a link to a web page may defeat the sender's purpose in sending the message over email (since the recipient may not have full-time high-speed internet access with which to access the content), and also may expose the recipient to additional privacy and security threats (via web cookies, HTTP-borne viruses, etc.). The Final Rule specifies that the initially viewable portion of a commercial sexually explicit message may only contain certain information - but technically speaking, there is no precise definition that implementors can rely on for what is or is not "initially viewable". The FTC seemed to think that merely requiring the recipient to "scroll down" would be sufficient, even while noting that the variation in recipients' display hardware would make it difficult for the sender to ensure that the recipient did not see the material without explicit consent. What the FTC seems to have missed was that not all computers have scrolling displays - and that for those mail readers who don't have built in web browsers, full-time internet connections of adequate speed, or mice - content on the web referenced by an email message is not 'just a "mouse click" away'.

5. I'm also disappointed that the FTC failed to recognize that various kinds of modifications to the Subject field (such as "Re:" or "Fwd:" or the tags added by mailing lists) might cause the Proposed Mark to be moved from the first position of the Subject line. The Federal Register text asserts that "A tag is automatically placed in the subject heading of an email message only after the original email recipient has taken some affirmative step either to respond to or forward the email". The variation in the behavior of deployed user agents is such that this statement is unsupportable. FTC seems to assume that the only modifications to Subject fields are the result of some explicit action of a human message sender, which is not the case.

6. I'm also disappointed that the FTC failed to specify some kind of language-independent mark in addition to the mark specified in the Subject field, such as the "NO SOLICITING" proposal by Carl Malamud [6]. However given the short time that the FTC was given by Congress to specify a mark, and the uncertain standardization status of Mr. Malamud's proposal, I can hardly blame the FTC for not referencing it. (I don't believe that such a mark would have been considered sufficient by itself, given that no existing user agents support it. Maybe it can be added eventually.)

It still bothers me that this law may have the effect of trying to impose the United States's peculiar (and somewhat bizarre) standards for decency on the entire world.

7. Finally, I'm disappointed that the FTC did not seem to recognize the potential costs of the Rule not only on purveyors of sexually explicit content (who might now need to maintain a separate set of tools to send sexually explicit content beyond those used for ordinary email), but also on ordinary commercial businesses whose employees might occasionally (and company policy notwithstanding) send out sexually explicit content to friends using the business's equipment and network facilities. That employees should not use company email in this way is beside the point; the point is that companies should not be forced to incur significant risk or expense because of the relatively harmless action of an occasional employee. An occasional sexually explicit message isn't going to harm anyone; what we (well, most of us) are concerned about is the deluge of such messages from spammers. As I read the Final Rule, companies might now find it necessary to try to filter outgoing email to prevent such content from being sent - especially given that the Final Rule, unlike the Proposed Rule, explicitly applies to not only images but also text. This means that it's not sufficient to merely filter email messages containing images - any email message sent from a company is potentially sexually explicit.

(To be fair, Congress didn't leave the FTC much leeway here. As I understand the CAN-SPAM Act, there's no requirement for message volume - even an occasional sexually explicit message is considered an infringement, and thus, a threat to any business that allows its employees to use email.)

Any measure that potentially affects the transparency of the email system should be considered with extreme care. There are occasionally legitimate reasons to send sexually explicit content even from businesses which have no interest in purveying sexually explicit content. For instance, what if you are a system administrator who wants to complain about some content on behalf of a user? You can't forward that content in your complaint if your local mail system filters it out.

--

Despite my disappointments, I'm glad I took the time to send in comments. It appears that I was able to bring several issues to their attention that they might not have considered otherwise. And they did shorten the mark from the one that they had proposed. The Final Rule seems like a significant improvement over the Proposed Rule. My hope is that they'll get encouragement to improve these rules and that they'll change them in the future to be more reasonable.

Reading my comments again, I wish I had expressed some of them more effectively. Because I strongly believe in the First Amendment, I tried to explain things from the point-of-view of someone sending explicit content. But I don't think I took enough time to examine how this rule might affect businesses that had no intention of sending sexually explicit material. Unfortunately with the CAN-SPAM Act Congress imposed a tight deadline for adoption of these provisions, and this clearly impaired both the FTC's ability to compose a well-written rule and the ability of the public to respond to the FTC's proposal.

In case someone reading this is aghast that I would dare to argue against a proposal to regulate sexually explicit email: I've never had a significant objection to the intent behind this part of the CAN-SPAM act - that of labeling such content and making sure that the recipient consents to viewing such content before it is presented to him or her. My objections were, and are, to the details by which the rule specifies that this be done, and to the unintended effects that this rule might have. My main hope is that this rule doesn't significantly affect the transparency, reliability, and cost-effectiveness of email for people and businesses who don't intend to send sexually explicit content.

Disclaimer: I'm not a lawyer. The above interpretations of the CAN-SPAM Act and the Code of Federal Regulations are mine, but I don't know whether they'd keep you from being sued, or whether they'd hold up in court. So don't blame me if you take my word for something and something bad happens because of it.

References

[1]	CAN-SPAM act as passed by the U.S. Congress. Incorporated as Public Law No. 108-187.
[2]	Federal Register Notice of Proposed Rulemaking (January 11, 2004)
[3]	My comments in response to the NPRM (February 16, 2004)
[4]	Notice of Final Rule in the Federal Register (April 13, 2004)
[5]	Other responses to the NPRM
[6]	"A No Soliciting SMTP Service Extension". Internet-Draft <draft-malamud-no-soliciting-07.txt>. (work in progress)