Caslon Analytics elephant logo link to home page title for Spam Regulation note

home | about | site use | services | guides | profiles | papers | timeline |::| Analysphere | Ketupa


overview

industry

offers

fraud

statistics

cases















related pages icon
related
Guides:

Governance

Information
Economy

Security
& InfoCrime







related pages icon
related
Profiles:

Spam
regulation in Australia

Messaging

Do Not Call
Registries

Forgery &
Forensics

Identity
Theft

Surveillance


section heading icon     cases

This page considers selected overseas prosecutions of spamming.

It covers -

Australian prosecutions and warnings are discussed in more detail here, as part of the note on the Australian and New Zealand spam regimes.

subsection heading icon     introduction

Pessimism about the prospects for controlling spam at a global and international level is sometimes based on perceptions that even the most egregious spammers cannot be identified, prosecuted and meaningfully punished.

It is thus interesting to see the slow emergence of case law regarding spam, with successful prosecutions likely to have some impact in encouraging awareness within particular jurisdictions and more broadly underpinning international development.

subsection heading icon     the UK

In the UK during December 2005 a county court judge in Colchester ruled against a Scottish-based business in what is claimed as the first action of its kind under the EU Directive on Privacy & Electronic Communications.

Channel Islands-based businessman Nigel Roberts sued Media Logistics UK, a Stirlingshire "electronic direct marketing" company, after receiving spam email.

He commented that

The new law gives anyone who is spammed the right to seek damages against the originators of the unwanted e-mail, fax or text message. I wrote to the company asking for an apology and claiming damages under Regulation 30 of the privacy regulations. I also asked under the [UK] Data Protection Act for details of the data that the company had obtained and stored about me - and I particularly wanted to know who had supplied them with my e-mail address. When they declined to give the information or make any offer, I issued a claim against them in England, where they are incorporated, under the anti-spam laws.

The company acknowledged the claim but did not defend it, agreeing to an out-of-court settlement of damages of £270 and the £30 claim fee after the judge ruled in his favour.

In May 2006 London's High Court ruled that spammers could be prosecuted under the 1990 Computer Misuse Act, overturning a district judge's ruling that 18 year old David Lennon had no case to answer after being accused of using a computer program to send five million emails to the firm that had fired him. The judges commented that although a computer user might consent to being sent some unsolicited email, that consent did not extend to "receiving a barrage of such messages".

subsection heading icon     elsewhere in the EU

In 2004 Danish telco equipment company Aircom was fined €56,000 in a case brought by Denmark's National Consumer Agency, somewhat more energetic than its UK counterpart. The court found that Aircom had breached regulations under the 2002 EU Directive by sending more than 15,000 spam emails.

subsection heading icon     the US

In 2003 district court in Atlanta awarded US ISP EarthLink US$16.4 million in damages against Howard Carmack (aka the 'Buffalo Spammer'), a New York resident who had alleged used illegal means to send over 825 million spam emails. Carmack was permanently banned from spamming and from related activities that include selling email addresses. He had reportedly built a US$24 million fortune and boasted "Nothing is in my name, so you'll never catch me".

That claim was incorrect and in 2004 he was found guilty (PDF) in a separate trial in New York of identity theft, fraud and falsification of documents (including email header and sender information). He was sentenced to seven years in prison.

Jeremy Jaynes, a North Carolina resident, was convicted in Virginia during 2004 of sending spam with forged headers via servers located in that state. The decision reflected Virginian anti-spam law rather than the federal 2003 CAN-SPAM Act.

Spamhaus had characterised him as the eighth most prolific spammer in the world. He had used different identities and front businesses for get rich quick schemes and some particularly unlovely animal pornography spam. Conviction of his sister and alleged associate Jessica deGroot was overturned in 2005.

Nicholas Tombros entered into a plea agreement with prosecutors in a 2004 case under the criminal provisions of the federal CAN-SPAM Act. He had been accused of sending adult-content email spam via unauthorised use of unsecured wireless networks. Tombros allegedly drove through Los Angeles with a wi-fi laptop sniffing out unsecured residential access points. He had obtained the email addresses from working in a credit card aggregation company.

In 2005 Microsoft gained a US$7 million settlement in an antispam lawsuit against Scott Richter, self-proclaimed 'King of Spam', who had allegedly been involved in distribution of a mere 38 billion spam messages. Richter had settled a case brought by New York Attorney General Eliot Spitzer in 2004.

During the same year AOL disposed of gold bars and a Hummer H2 vehicle (replete with the numberplate 'CASHOLA') that were among assets as part of a US$13 million judgment against New Hampshire spammer Braden Bournival and partner Davis Wolfgang Hawke, a former neo-nazi. The litigation was AOL's first lawsuit under the CAN-SPAM Act. In 2006 AOL announced that it would conduct a treasure hunt for gold and platinum ingots reportedly secreted by Hawke - inevitably dubbed the Spam Nazi - who defaulted on the court judgment and then disappeared.

18 year old Anthony Greco of New York was arrested in 2005 for violating the CAN-SPAM Act by allegedly sending over 1.5 million instant messages advertising mortgage refinancing services and adult pornography to users of MySpace.com's IM service. He had reportedly fraudulently created thousands of accounts at MySpace and then sent spim. Bizarrely, he had then allegedly contacted MySpace.com and demanded exclusive rights to send commercial email to MySpace.com users.

In 2005 Iowa-based ISP CIS Internet Services was awarded US$11.2 billion in a court judgment against Miami-based James McCalla over 280 million email messages sent to CIS accounts. The spam advertised gambling, adult content, mortgage and debt-consolidation services. The judgment also prohibits McCalla from accessing the net for three years. It follows a separate US$1 billion judgment after litigation by CIS against three other spammers.

In 2006 24 year old Ryan Pitylak settled lawsuits in US federal court with the state of Texas and Microsoft. The settlement cost him at least US$1 million and took away most of his assets. He admitted sending 25 million spam messages every day at the height of his activity in 2004. As part of the settlement with Microsoft, Pitylak promised to never send "false, misleading or unsolicited commercial email". Hhe proclaimed, disingenuously or otherwise, that the experience had been "a serious reality check" and said that he was

pleased to announce that I am now a part of the antispam community, having started an Internet security company that offers my clients advice on systems to protect against spam.

Pitylak and associates Mark Trotter, Gary Trappler and Alan Refaeli handed over more than $US10 million.

 

 



::


this site
the web

Google
version of August 2006
© Caslon Analytics