Trends Report – State and federal legislation

State and federal legislation greatly influence operations for any business, and ours does not escape this. In fact, given the relative unlegislated environment and overall infancy of the industry, new laws will typical impact how we do business, at a greater level than laws passed in many other industries. For the internet, each new law shapes the fundamental way business occurs rather than refining or putting limits on existing processes. For this Trend Report, we take a look at the major pieces of current and pending legislation.

The first piece of legislation this article looks at had arguably among the biggest impacts on monetization strategies in our space thus far. Ironically though, the law does not appear to have curbed that for which it was intended – spam. Towards the middle to end of 2003, many states rushed through anti-spam laws. Fortunately, congress passed the CAN-SPAM Act of 2004 that superseded the fragmented and unnavigable local laws. The federal CAN-SPAM Act of 2004 requires unsolicited commercial email senders to identify themselves clearly in the "from" line, include subject line text consistent with message content, provide a valid postal address and contain an opt-out mechanism.

As is the case with almost any law, it’s hard to please everyone. Spam fighters for instance argued there were too many loopholes, and they disapproved intensely of the act’s omission for private action, i.e. the ability for a person to sue a spammer.  Marketers on the other hand complained that the law was too vague and would cover welcome electronic messages. They also argued that their ability to communicate with existing customers could become illegal. To address such concerns, the FTC developed rules for determining the primary purpose of an e-mail that will become effective at the end of March 2005. The rules distinguish between "transactional/relationship" messages versus "commercial" e-mails. Transactional e-mails relate to purchases that already have been completed, while commercial messages solicit opportunities to buy or sign-up.

How effective has CAN-SPAM been? Since the measure took effect in January 2004, unsolicited junk e-mail on the Internet has come to total perhaps 80 percent or more of all e-mail sent, up from 50 percent to 60 percent of all e-mail before the law went into effect. Chances are this rise would have occurred anyway, and the law is just starting to see some of its first major prosecutions. Efforts to curb spam are not aided by the growing number of so-called bulletproof Web host services that offer spam-friendly merchants access to stable offshore computer servers. Compound this with the widespread belief that that bulk e-mailers are partnering with virus writers to scrape working e-mail addresses and hijack the personal computers of millions of unwitting Internet users, creating legions of hard to defend against spam cannons.

The second major area for legislation is the “spam” of 2004 – spyware. Legislation dealing with spyware parallels the development of the Can-Spam Act in that efforts to curb it take place on both the state level and the federal level, with state level actions having already made it into law. And similar to CAN-SPAM, the rush to legislate arises form exponentially increasing consumer frustration and helpless – feelings only exacerbated by a general lack of understanding of the marketplace. Consequently, the reaction on the part of lawmakers has, similar to spam, been not just swift but potentially far too wide reaching. As stated in MediaPost, the laws aim to correct the problem caused by a subset of software and that the hard part is not capturing the sentiment but defining exactly the specific subset of software known as spyware. Good software and really bad software tend to be easy to identify. On the spectrum of good and bad, picking a stopping point for including the bad means that some good will most likely be impacted. The level of good impacted is what matters to those in our industry and is likely to include even those outside of software development.

The federal "Securely Protect Yourself Against Cyber Trespass Act" (SPY-ACT) was first introduced in 2003 as bill HR 2929. It passed 399-1 in the House of Representatives in October, 2004, but didn’t reach a vote in the Senate before the end of the 108th Congress. As was the case with that bill, California Representative Mary Bono is also the sponsor for the reintroduced version known as HR 29. The bill, having just been introduced, starts from scratch in its march toward becoming law. It begins in the House Committee on Energy and Commerce and, if successful, goes to the House floor for a vote. There is little doubt it will pass again in the House, and if passed by the Senate could become law later this year.

While the federal law has a long way to go before becoming a law, in September 2004, California passed the Consumer Protection Against Spyware Act. The Act requires websites to inform the user whenever any kind of spyware is about to be installed and makes the installation of such applications against a user’s wishes illegal. The law came into effect as of January 1, 2005, and breaching of the law carries a potential penalty of up to $1,000 per infected user.

The spyware laws have good intentions, but the federal law still has some refinement needed for it to fully alleviate marketers concerns. The bill questions the legality of using any code to capture and store user information, including many of the first- and third-party cookies employed in online advertising. What this means is that potentially, the use of cookie tracking by ad networks as it is employed today could become illegal. Targeting aside, this greatly impacts online advertising at a fundamental level. Without third party cookies advertisers for example wouldn’t be able to properly frequency cap. CPA networks would have a hard time doing real time tracking. Behavioral targeting would also be hit; as it relies on the passing of non-identifiable user data using cookies placed by third-parties. That is why critics argue the federal bill targets the technology more so than the behavior. According to Rep. Cliff Stearns (R-Florida) though, chairman of the Subcommittee on Commerce, Trade and Consumer Protection "We don’t want to necessarily stop those third-party cookies from working…"

Political party affiliation aside, let’s hope third-party cookies are not impacted. The cookie is an endangered species, especially with the proliferation of Norton, Ad-aware, and other popular programs already treating it as dangerous. These programs, like the law are just another challenge that we face. The good news in all of this is that we face it together, which means we will most likely find solutions faster. I’d rather the playing field move but be level rather than become uneven. I can only hope whatever law comes out of Utah will be livable.