[Congressional Record Volume 143, Number 81 (Wednesday, June 11, 1997)]
[Senate]
[Pages S5508-S5510]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Mr. TORRICELLI:
  S. 875. A bill to promote online commerce and communications, to 
protect consumers and service providers from the misuse of computer 
facilities by others sending bulk unsolicited electronic mail over such 
facilities, and for other purposes; to the Committee on Commerce, 
Science, and Transportation.


             the ELECTRONIC MAILBOX PROTECTION ACT OF 1997

  Mr. TORRICELLI. Mr. President, I rise today to introduce the 
Electronic Mailbox Protection Act of 1997, in the hopes of addressing 
an increasingly serious threat to online commerce and personal privacy 
rights--the distribution of unsolicited, bulk e-mail by unidentifiable 
senders.
  It is an unfortunate side effect of the burgeoning and exciting world 
of online communication and commerce that more and more individuals are 
finding their electronic mailboxes filled to the cyber-brim with 
unsolicited messages. And many Internet service providers are facing 
slowdowns or even breakdowns of their systems due to uncontrollable and 
unaccountable senders of unidentifiable and unsolicited bulk e-mail.
  Mr. President, some have suggested that we simply ban all unsolicited 
e-mail. But some people do want to receive these unsolicited messages, 
especially when they are tailored to their personal interests. And 
legitimate businesses and organizations are increasingly using 
unsolicited e-mail to recruit new customers, new members, or even 
financial assistance.
  However, many people do not wish to receive unsolicited e-mail at 
all. And many new businesses are less than fully legitimate--all too 
frequently, unsolicited e-mail arrives with no return address, and no 
means of opting-out of future mailings. In fact, it is precisely 
because many bulk e-mailers know that their activities are going to 
meet massive opposition that they disguise their identities or alter 
their return addresses.
  Newly developed software and increasingly brazen cyber-promoters have 
only exacerbated the problem. In some cases, these messages have slowed 
down or even crippled Internet service through local or national 
Internet service providers.
  Many of these new cyber-promoters collect millions of addresses from 
service providers without consent, mail to those who have already 
expressed a desire to be kept off bulk e-mail lists, or purposefully 
disguise their identity or return address. They refuse to yield to 
public pressure, private suit or any other citizen action, and the more 
destructive of their tactics must be addressed before the situation 
overwhelms the Internet and paralyzes legitimate online commerce--
something must be done.
  As a result, I have been working for some time now with privacy 
groups, marketers, online service providers, and others to develop 
strong but reasonable legislation to put a stop to the most destructive 
e-mail practices, while protecting the first amendment rights of all 
who wish to send legitimate e-mail of any kind.
  Mr. President, I have long been concerned about excessive--indeed 
any--Government regulation of the Internet. Many of the best qualities 
of American life are represented and enhanced by the Internet--the 
world's most democratic medium--and I do not wish to stifle speech or 
inhibit the freedom of commerce or expression. However, the problem of 
unaccountable junk e-mailers will not go away, and if we do not address 
this problem with legislation we risk the destruction of all legitimate 
expression and commerce on the information superhighway.

  After a long back and forth process with a wide variety of interests, 
I believe we are all finally in agreement that the bill I introduce 
today represents the strongest and most balanced approach to this 
growing problem. Specifically, my bill includes the following key 
provisions.
  First, and most simply, my bill will prohibit anyone from sending e-
mail to a person who has asked not to receive such mail--either prior 
to receiving the first message or in response to an unsolicited message 
that made its way into the recipients mailbox. Mr. President, this 
provision requires no more than common courtesy and proper business 
sense. But unfortunately, this provision is sorely needed by the 
thousands--even millions--of recipients of repetitive and unsolicited 
e-mail.
  And the bill also contains a pro-active provision which effectively 
defines prior notice as including either direct notice or notice 
through a standard method adopted by an Internet standard setting body, 
like the Internet Engineering Task Force. In other words, we allow the 
IETF or another community-recognized organization to discuss, develop, 
and adopt a method of preemptively informing all senders that certain 
recipients do not want to receive any unsolicited electronic mail. This 
could take the form of an opt-out system, an opt-in system, or even 
some sort of address labeling standard--whatever the Internet community 
chooses to adopt. But once the standard is in place, my bill will 
require that senders comply with that standard. We have given the 
Internet community the tools to enforce their own pro-active steps, and 
I believe this achieves a proper balance between Government action and 
self-regulation. As much as is possible, Congress should avoid 
dictating the details of Internet architecture.
  Second, my bill will prohibit sending unsolicited e-mail from an 
unregistered, illegitimate, or fictitious Internet domain for the 
purpose of preventing an easy reply. Such tactics have become 
increasingly common in recent months, because the less responsible 
marketers know--they just know--that many of the recipients of their 
unsolicited junk will be unhappy and wish to respond. Rather than act 
responsibly and respond to complaints as they come in, these fly-by-
night marketers prefer to make it impossible to respond. We have all 
heard from constituents who are simply fed up with these practices, and 
this bill will empower our constituents to do something about it.
  Third, my bill will prohibit the use of procedures designed to defeat 
or circumvent mail filtering tools. Consumers and service providers are 
getting better at using mail filters to block out unwanted mail. But 
these filtering programs, still in relative infancy, are no match for 
cyber-promoters with sophisticated techniques and all the time in the 
world to work on skirting the filters and making it into your mailbox.
  Next, my bill will prohibit anyone from using a computer program to 
harvest, or gather, a large number of e-mail addresses for the purpose 
of sending unsolicited e-mail to those addresses or selling the list to 
other senders of unsolicited e-mail--if such activity would be against 
the policy of the computer service from which the addresses are 
collected. In other words, if America Online or AT&T or Panix or Erols 
have policies against using a computer to harvest addresses of their 
subscribers, cyber-promoters would have to comply.

  My bill also puts a stop to so-called hit and run spamming, which 
occurs when someone gets access to a temporary e-mail account, sends 
out thousands of unsolicited messages, and then

[[Page S5509]]

abandons the account and leaves the service provider to clean up the 
mess. Under my bill, registering an Internet domain or e-mail account 
for the purpose of sending unsolicited e-mail and avoiding replies 
would be prohibited.
  Finally, Mr. President, my bill directs the FTC to pay close 
attention over the next 18 months to the affects that this bill has on 
the junk e-mail problem. At the end of that time, the FTC will submit a 
report to Congress detailing its findings, and we can determine whether 
or not new action is necessary.
  And what will happen to those who break the rules we intend to set 
down in law? Well, there are two possibilities. First, there is a 
$5,000 civil penalty for each violation, to be imposed by the U.S. 
Government.
  But more importantly, this bill empowers the individual recipient or 
service provider suffering the effects of a violation of this bill to 
sue for damages. These damages range from $500 for simple violations 
all the way up to $5,000 for particularly egregious or willful abuses. 
And if we think about the possibilities for class action suits, we can 
quickly see the deterrent effect of these provisions.
  Mr. President, this bill will not prevent all unsolicited e-mail. 
Legitimate marketers, nonprofit organizations and others will still be 
able to send unsolicited e-mail, even in bulk. However, this 
legislation will make the senders of the e-mail accountable to the 
service providers and to the e-mail recipients. No longer will brazen 
promoters be able to disguise their identity and hide behind 
technology--from now on, they will be accountable for what they send 
and punished if their tactics are of the kind that merit such action.
  Put simply, Mr. President, my bill will empower consumers and 
Internet service providers alike to block, filter, reply to, or prevent 
unwanted and unsolicited electronic mail.
  We all recognize that we should not lightly enter into Internet 
regulation. But some practices are simply too destructive to ignore, 
and certain types of unsolicited e-mail must be stopped.
  I hope you will join me in working to pass this fair but strong bill 
to protect individual privacy, preserve freedom of expression, and 
allow legitimate commerce on the Internet to flourish. I ask unanimous 
consent that the full text of the legislation be printed in the Record.
  There being no objection, the bill was ordered to be printed in the 
Record, as follows:

                                 S. 875

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Electronic Mailbox 
     Protection Act of 1997''.

     SEC. 2. FINDINGS.

       Congress makes the following findings:
       (1) The Internet has increasingly become a critical mode of 
     global communication and now presents unprecedented 
     opportunities for the development and growth of global 
     commerce and an integrated worldwide economy.
       (2) In order for global commerce on the Internet to reach 
     its full potential, individuals and entities using the 
     Internet and other online services should be prevented from 
     engaging in activities that prevent other users and Internet 
     service providers from having a reasonably predictable, 
     efficient, and economical online experience.
       (3) Unsolicited electronic mail can be an important 
     mechanism through which commercial vendors, nonprofit 
     organizations, and other providers of services recruit 
     members, advertise, and attract customers in the online 
     environment.
       (4) The receipt of unsolicited electronic mail may result 
     in undue monetary costs to recipients who cannot refuse to 
     accept such mail and who incur costs for the storage of such 
     mail, or for the time spent accessing, reviewing, and 
     discarding such mail, or for both.
       (5) Unsolicited electronic mail sent in bulk may impose 
     significant monetary costs on the Internet service providers, 
     businesses, and educational and non-profit institutions that 
     carry and receive such mail, as there is a finite volume of 
     mail that such providers, businesses, and institutions can 
     handle at any one point in time. The sending of such mail is 
     increasingly and negatively affecting the quality of service 
     provided to customers of Internet service providers.
       (6) While many senders of bulk unsolicited electronic mail 
     provide simple and reliable ways for recipients to reject (or 
     ``opt-out'' of) receipt of unsolicited electronic mail from 
     such senders in the future, other senders provide no such 
     ``opt-out'' mechanism, or refuse to honor the requests of 
     recipients not to receive electronic mail from such senders 
     in the future, or both.
       (7) An increasing number of senders of bulk unsolicited 
     electronic mail purposefully disguise the source of such mail 
     so as to prevent recipients from responding to such mail 
     quickly and easily.
       (8) Many senders of unsolicited electronic mail collect (or 
     ``harvest'') electronic mail addresses of potential 
     recipients without the knowledge of their intended recipients 
     and in violation of the rules or terms of service of the fora 
     from which such addresses are collected.
       (9) Because recipients of unsolicited electronic mail are 
     unable to avoid the receipt of such mail through reasonable 
     means, such mail may threaten the privacy of recipients. This 
     privacy threat is enhanced for recipients whose electronic 
     mail software or server alerts them to new mail as it 
     arrives, as unsolicited electronic mail thereby disrupts the 
     normal operation of the recipient's computer.
       (10) In legislating against certain abuses on the Internet, 
     Congress and the States should be very careful to avoid 
     infringing in any way upon constitutionally protected rights, 
     including the rights of assembly, free speech, and privacy.
       (11) In order to realize the full potential for online 
     electronic commerce, senders of bulk unsolicited electronic 
     mail should be required to abide by the requests of 
     electronic mail recipients, Internet service providers, 
     businesses, and educational and non-profit institutions to 
     cease sending such mail to such recipients, providers, 
     businesses, and educational and non-profit institutions.

     SEC. 3. PROHIBITION ON CERTAIN ACTIVITIES THAT MISAPPROPRIATE 
                   THE RESOURCES OF ONLLNE SERVICE PROVIDERS.

       (a) In General.--Whoever, in or affecting interstate or 
     foreign commerce--
       (1) initiates the transmission of an unsolicited electronic 
     mail message from an unregistered or fictitious Internet 
     domain, or an unregistered or fictitious electronic mail 
     address, for the purpose of--
       (A) preventing replies to such message through use of a 
     standard reply mechanism in the recipient's electronic mail 
     system; or
       (B) preventing receipt of standard notices of non-delivery;
       (2) uses a computer program or other technical mechanism or 
     procedure to disguise the source of unsolicited electronic 
     mail messages for the purpose of preventing recipients, or 
     recipient interactive computer services, from implementing a 
     mail filtering tool to block the messages from reaching the 
     intended recipients;
       (3) initiates the transmission of an unsolicited electronic 
     mail message and fails to comply with the request of the 
     recipient of the message, made to the sender or the 
     listserver as appropriate, to cease sending electronic 
     messages to the recipient in the future;
       (4) distributes a collection or list of electronic mail 
     addresses, having been given prior notice that one or more of 
     the recipients identified by such addresses does not wish to 
     receive unsolicited electronic mail and knowing that the 
     recipient of such addresses intends to use such addresses for 
     the purpose of sending unsolicited electronic mail;
       (5) initiates the transmission of an unsolicited electronic 
     mail message to a recipient despite having been given prior 
     notice (either directly or through a standard method 
     developed, adopted, or modified by an Internet standard 
     setting organization (such as the Internet Engineering Task 
     Force or the World Wide Web Consortium) to better facilitate 
     pre-emptive consumer control over bulk unsolicited electronic 
     mail) that the recipient does not wish to receive such 
     messages;
       (6) registers, creates, or causes to be created an Internet 
     domain or applies for, registers, or otherwise obtains the 
     use of an Internet electronic mail account for the sole or 
     primary purpose of initiating the transmission of an 
     unsolicited electronic mail message in contravention of 
     paragraph (1) or (2);
       (7) directs an unsolicited electronic mail message through 
     the server of an interactive computer service to one or more 
     subscribers of the interactive computer service, knowing that 
     such action is in contravention of the rules of the 
     interactive computer service with respect to bulk unsolicited 
     electronic mail messages;
       (8) knowing that such action is in contravention of the 
     rules of the interactive computer service concerned, accesses 
     the server of the interactive computer service and uses a 
     computer program to collect electronic mail addresses of 
     subscribers of the interactive computer service for the 
     purpose of sending such subscribers unsolicited electronic 
     mail or distributing such addresses knowing that the 
     recipient of such addresses intends to use such addresses for 
     the purpose of sending unsolicited electronic mail; or
       (9) initiates the transmission of bulk unsolicited 
     electronic mail messages and divides the mailing of such 
     messages into smaller mailings for the purpose of 
     circumventing another provision of this Act,

     shall be subject to a civil penalty of not more than $5,000 
     per individual violation.
       (b) Enforcement.--The Federal Trade Commission shall have 
     the authority to commence civil actions under subsection (a).

     SEC. 4. RECOVERY OF CIVIL DAMAGES.

       (a) In General.--Any person whose interactive computer 
     service or electronic mailbox is intentionally misused or 
     infiltrated,

[[Page S5510]]

     or whose requests for cessation of electronic mail messages 
     have been ignored, in violation of section 3 may in a civil 
     action recover from the person or entity which engaged in 
     that violation such relief as may be appropriate.
       (b) Relief.--In an action under this section, appropriate 
     relief includes--
       (1) such preliminary and other equitable or declaratory 
     relief as may be appropriate;
       (2) actual monetary loss from a violation, statutory 
     damages of not more than $500 for each violation, and, if the 
     court finds that the defendant's actions were particularly 
     egregious, willful, or knowing violations of section 3, the 
     court may, in its discretion, increase the amount of an award 
     to an amount equal to not more than 10 times the amount 
     available hereunder; and
       (3) a reasonable attorney's fee and other litigation costs 
     reasonably incurred.

     SEC. 5. STATE LAW.

       Nothing in this Act shall be construed to prevent any State 
     from enforcing any State law that is consistent with this 
     Act. No cause of action may be brought and no liability may 
     be imposed under any State or local law that is inconsistent 
     with this Act.

     SEC. 6. FEDERAL TRADE COMMISSION STUDY INTO EFFECTS OF 
                   UNSOLICITED ELECTRONIC MAIL.

       Not later than 18 months after the date of enactment of 
     this Act, the Federal Trade Commission shall submit to 
     Congress a report detailing the effectiveness of, enforcement 
     of, and the need, if any, for Congress to modify the 
     provisions of this Act.

     SEC. 7. DEFINITIONS.

       In this Act:
       (1) Bulk unsolicited electronic mail message.--The term 
     ``bulk unsolicited electronic mail message'' means any 
     substantially identical unsolicited electronic mail message 
     with 25 or more intended recipients.
       (2) Electronic mail address.--
       (A) In general.--The term ``electronic mail address'' means 
     a destination (commonly expressed as a string of characters) 
     to which electronic mail can be sent or delivered.
       (B) Inclusion.--In the case of the Internet, the term 
     ``electronic mail address'' may include an electronic mail 
     address consisting of a user name or mailbox (commonly 
     referred to as the ``local part'') and a reference to an 
     Internet domain (commonly referred to as the ``domain 
     part'').
       (3) Initiates the transmission.--The term ``initiates the 
     transmission'', in the case an electronic mail message, 
     refers to the action of the original sender of the message 
     and not to any intervening computer service that may handle 
     or retransmit the message, unless the intervening computer 
     service retransmits the message with an intent to engage in 
     activities prohibited by this Act.
       (4) Interactive computer service.--The term ``interactive 
     computer service'' has the meaning given that term in section 
     230(e)(2) of the Communications Act of 1934 (47 U.S.C. 
     230(e)(2)).
       (5) Internet.--The term ``Internet'' has the meaning given 
     that term in section 230(e)(1) of the Communications Act of 
     1934 (47 U.S.C. 230(e)(1)).
       (6) Internet domain.--The term ``Internet domain'' refers 
     to a specific computer system (commonly referred to as a 
     ``host'') or collection of computer systems attached to or 
     able to be referenced from the Internet which are assigned a 
     specific reference point on the Internet (commonly referred 
     to as the ``Internet domain name'') and registered with an 
     organization recognized by the computer industry as a 
     registrant of Internet domains.
       (7) Listserver.--The term ``listserver'' refers to a 
     computer program that provides electronic mailing list 
     management functions, including functions that allow 
     individuals to subscribe and unsubscribe to and from 
     electronic mailing lists.
       (8) Mail filtering tool.--The term ``mail filtering tool'' 
     means any computer program, procedure, or mechanism used by 
     an individual recipient or interactive computer service to 
     block, return, reroute, or otherwise screen or sort incoming 
     electronic mail messages.
       (9) Server.--The term ``server'' refers to any computer 
     that provides support or services of any kind, including 
     electronic mailboxes, to other computers (commonly referred 
     to as ``clients'').
       (10) Unsolicited electronic mail message.--The term 
     ``unsolicited electronic mail message'' means any electronic 
     mail other than electronic mail sent by persons to others 
     with whom they have a prior relationship, including a prior 
     business relationship, or mail sent by a source to recipients 
     where such recipients, or someone authorized by them, have at 
     any time affirmatively requested to receive communications 
     from that source.

     SEC. 8. EFFECTIVE DATE.

       This provisions of this Act shall take effect 45 days after 
     the date of enactment of this Act.
                                 ______