Why Opt-In Shouldn’t be Law

Many experts lately have been decrying efforts to kill or gut an anti-spam bill working its way through the legislative process in Canada.

These experts are well intended but wrong.

For example, e-mail expert Al Iverson recently posted on his blog the following: “Why do people want to kill or gut Bill C-27? I’m having a hard time seeing a problem with an opt-in requirement; it’s already best practice. People who don’t follow opt-in as a best practice are already doing things wrong. We want less spam in the world, not more. Even marketers should agree, shouldn’t they?”

No, they shouldn’t.

First, let me make clear I have a great deal of professional respect for Iverson.

However, legislating opt-in e-mail marketing is not wise.

And no, I’m not pro spam. I believe bulk commercial e-mail should be sent on a permission basis only.

But just because something is desired behavior doesn’t necessarily mean it should be legislated behavior.

According to Internet security firm Symantec, in the third quarter of 2009, botnets were responsible for 87.9% of all spam. The people operating these botnets are already criminals. A new opt-in based Canadian law won’t affect their behavior.

Instead, a new Canadian opt-in based e-mail law would put squarely in its crosshairs companies that aren’t the problem.

Imagine the following scenario:

Law-abiding Company A has an e-mail list to which it sends special offers on a regular basis. The company isn’t intentionally a spammer, but for whatever reason doesn’t have a verification e-mail as part of its list-building process.

Meanwhile, a vehement anti-spammer (let’s call him Vehement Anti-Spammer) gets into an argument with someone who promptly registers Vehement Anti Spammer’s e-mail address with Company A because he knows it will drive Vehement Anti-Spammer bat-sh!t crazy when he starts getting e-mail he did not request.

When Vehement Anti-Spammer starts getting e-mail from Company A, he predictably goes bat-sh!t crazy, calls Company A and demands to stop receiving messages but won’t supply Company A with his e-mail address so it can be suppressed. Vehement Anti-Spammer then sends Company A a letter threatening to sue it for a six-figure sum unless Company A settles for a four-figure sum.

Vehement Anti-Spammer then posts photos of Company A’s proprietors on his Web site and calls them spammers. Company A then sues Vehement Anti-Spammer for defamation.

Vehement Anti-Spammer then countersues Company A.

Company A eventually wins, but not before spending a bunch of money defending itself and tying up court resources with a trivial dispute that never should have seen the light of day over six—count ‘em, six—e-mails.

Oh wait. That really happened in Omega World Travel V. Mummagraphics.

And it happened in the United States where the Can Spam Act is opt-out based and does not contain a so-called private right of action giving individuals the right to sue over alleged violations. But even though Can Spam narrowly defined who can sue as bona fide ISPs and law enforcement, anti-spam zealots still sued.

Not only is Canada’s Bill C27 opt-in based—if I’m reading it correctly—it contains a private right of action allowing any individual to bring a case.

If it is passed into law, there will—not might, will—be a group of zealots who will use it to sue companies over hyper-technical violations. They will tie up Canadian courts with trivial nonsense that is a minuscule part of a far larger problem—a problem that is already being handled spectacularly by ISPs’ anti-spam teams.

These anti-spam-zealot litigation mills will force companies to spend money defending themselves that they could otherwise spend hiring new people and/or developing new products and services.

Meanwhile, the botnet operators who are already breaking the law and are responsible for close to 90% of the problem will happily keep spamming away.

Will some companies tighten up their e-mail policies in response to a Canadian opt-in based anti-spam law? Sure.

But nuisance so-called legitimate e-mailers are already being punished with deliverability issues by the ISPs that block messages their account holders don’t want.

When it comes to spam, law enforcement and the courts’ resources should be spent fighting fraud, not enforcing the picayune aspects of permission. The marketplace is already doing about as a fine job of that as can be expected.

C27 is a well-intentioned effort that aims to police the wrong neighborhood. If it passes as is—which is currently looking to be the case—it will be a disaster.