CAN-SPAM Law Research

Author: LegalEase Solutions

QUESTION PRESENTED

Under CAN-SPAM laws, is it illegal to send an email advertisement for the sale of goods and services to an individual without that particular individual’s opt-in or affirmative consent?

SHORT ANSWER

The CAN-SPAM Act does not expressly state that it is illegal to send an email advertisement for the sale of goods and services to an individual without that particular individual’s opt-in or affirmative consent. From the provisions of the Act it appears that affirmative consent is not a mandatory requirement to receive commercial email messages.

RESEARCH FINDINGS

Generally, “[t]he term ‘commercial electronic mail message’ means any electronic mail message with the primary purpose of commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).” 15 U.S.C.A. § 7702(2)(A). Further, with respect to a commercial electronic mail, affirmative consent means “the recipient expressly consented to receive the message, either in response to a clear and conspicuous request for such consent or at the recipient’s own initiative.” 15 U.S.C.A. § 7702(1)(A). Additionally, affirmative consent to commercial electronic mail from a third party means “the recipient was given clear and conspicuous notice at the time the consent was communicated that the recipient’s electronic mail address could be transferred to such other party for the purpose of initiating commercial electronic mail messages.” Id. at § 7702(1)(B).

Opt-out option and unlawful acts under CAN-SPAM Act

Under 15 U.S.C.A. § 7704, a person initiating a commercial electronic mail message has to ensure that it contain a functioning return electronic mail address or other Internet-based mechanism. Further, it must also be clearly and conspicuously displayed that “a recipient may use to submit, in a manner specified in the message, a reply electronic mail message or other form of Internet-based communication requesting not to receive future commercial electronic mail messages from that sender at the electronic mail address where the message was received.” Id. at § 7704(3)(A)(i). Compliance with this section entails providing a list from which the recipient can choose the commercial message that he or she either wants or does not want to receive from the sender. 15 U.S.C.A. § 7704(3)(B). There can also be an option to choose not to receive any commercial mail messages from the sender. Id.

If a recipient has objected to the receipt of some or any commercial electronic mail messages from a sender, then it is unlawful under the CAN-SPAM Act for the sender or any person acting on behalf of the sender to initiate transmission of such commercial electronic mail message after 10 business days from receipt of the request from the recipient. 15 U.S.C.A. § 7704(4)(A). This is not applicable if the recipient gives affirmative consent subsequent to the request objecting to the receipt of commercial mail messages. 15 U.S.C.A. § 7704(4)(B).

Under 15 U.S.C.A. § 7704(5), a person transmitting a commercial mail message has to provide clear and conspicuous identification that the message is an advertisement or solicitation, an option for the recipient to opt out, and also a valid, physical postal address of the sender. 15 U.S.C.A. § 7704(5)(A). 15 U.S.C.A. § 7704(5)(B) provides that if the recipient has given affirmative consent for receipt of commercial mail messages, then the identification that the message is an advertisement or solicitation is not required. Additionally, in the absence of affirmative consent by the recipient, 15 U.S.C.A. § 7704(6)(d) “[requires sender] to place warning labels on commercial electronic mail containing sexually oriented material.” Id.

Moreover, under 15 U.S.C.A. § 7704(6)(b)(1), it is a violation of the CAN-SPAM Act to obtain a recipient’s e-mail address if  i)“the electronic mail address of the recipient was obtained using an automated means from an Internet website or proprietary online service operated by another person . . . .” § 7704(6)(b)(1)(A)(i), and ii) “the electronic mail address of the recipient was obtained using an automated means that generates possible electronic mail addresses by combining names, letters, or numbers into numerous permutations.” § 7704(6)(b)(1)(A)(ii).

CONCLUSION

Therefore, the CAN-SPAM Act has set the rules for commercial electronic mail messages. The Act establishes the requirements for commercial messages, provides the recipient with an option to stop the receipt of commercial mail messages, and prescribes the penalties for violation of the Act. Affirmative consent can be indicated by recipient in three ways: i) the recipient on his or her own initiative has requested the receipt of commercial messages from sender, ii) the recipient has expressly responded to the clear and conspicuous request for consent by sender, and iii) the recipient has consented to the distribution of recipient’s e-mail address to another party.

However, the Act does not expressly state that affirmative consent or an opt-in is a mandatory requirement to receive commercial mail messages. Also, from 15 U.S.C.A. § 7704(5), which provides for inclusion of identifier, opt-out, and physical address in commercial electronic mail, it appears that commercial mail messages can be sent even without the affirmative consent of the recipient. Therefore, in the instant case, it seems that it is not illegal to send an email advertisement for the sale of goods and services to an individual without that particular individual’s opt-in or affirmative consent.

 

E-commerce OFAC Due Diligence

Author: LegalEase Solutions

QUESTION PRESENTED

 When engaging in global e-commerce transactions for the sale of educational services and/or materials (such as online courses on nursing subjects), what level of due diligence is required in order not to run afoul of US sanctions and/or anti-terrorist laws and regulations?

 SHORT ANSWER

Due diligence refers to the level of prudence, care and judgment reasonably expected to be exercised by a person under particular circumstances. In the context of global e- commerce transactions for the sale of educational services, due diligence means the reasonable care and caution expected of a person in complying with the laws relating to export of services, especially with regard to anti-terrorist laws and sanctions. Due diligence is critical in global e-commerce because the Export Administration Regulations (EAR) prohibit the export or release of any item to any party with knowledge that a violation is about to occur.

All items in the United States, including items moving in transit through the U.S., are subject to Export Administration Regulations (EAR) with a few exceptions which include, inter alia, publicly available technology and software used for educational purpose by academic institutions.  Similarly, all persons and entities in the U.S. are subject to the regulations of the Office of Foreign Assets Controls (OFAC). Strict compliance with the statutory requirements of EAR and OFAC when engaging in e-commerce transactions will meet the standard of due diligence set forth supra.

Examples of necessary measures for statutory compliance include access control systems to check the address of every system outside of the U.S. requesting or receiving a transfer and verify that such systems do not have a domain name or Internet address of a foreign government end-user, and giving notice of the requirement of license or authorization to transfer the materials.[1]

Another requirement to ensure due diligence is to stay clear of items that are generally prohibited from export or re-exports. A license form Bureau of Industry and Security (BIS) is necessary to engage in the export or re-export of items in this category.[2]

Keeping a full and accurate record of each transaction engaged in, and making them available for examination for at least five (5) years after the date of such transaction, is another statutory requirement with which parties must comply.[3]

Further, due diligence requires a person intending to engage in e-commerce to check with OFAC and the list of Specially Designated Nationals (SDN) published by OFAC to make sure that the intended transactions do not involve prohibited governments or individuals.[4]

Additionally, the Trade Information Center operated by the U.S. Department of Commerce advises an exporter to request a ‘commodity jurisdiction’ (CJ) determination to resolve any uncertainty regarding the export-licensing jurisdiction of an item or service.[5]

RESEARCH FINDINGS

The Fifth circuit adopted the standard set out by the Texas Supreme court on the requirement of due diligence in a contract as follows:

Contracting parties are generally not fiduciaries. Thus, due diligence requires that each protect its own interests. Due diligence may include asking a contract partner for information needed to verify contractual performance. If a contracting party responds to such a request with false information, accrual may be delayed for fraudulent concealment. But failing to even ask for such information is not due diligence.

Beavers v. Metro. Life Ins. Co., 566 F.3d 436, 440 (5th Cir. 2009) (quoting Via Net v. TIG Ins. Co., 211 S.W.3d 310, 314 (Tex. 2006)).

The 9th Circuit explains due diligence as “‘the standard of reasonableness shall be that required of a prudent man in the management of his own property.’” In re Software Toolworks Inc., 50 F.3d 615, 621 (9th Cir. 1994) (quoting 15 U.S.C. § 77k(c)).

Further, due diligence is a “defense if [the defendants] show that after reasonable investigation they had reasonable ground to believe (and did believe) that, at the time [the registration statement became effective], the statements were true and there was no material omission.” Kaplan v. Rose, 49 F.3d 1363, 1371 (9th Cir. 1994) (quoting 15 U.S.C. § 77k(b)(3)(A)).

“Although questions of due diligence are generally for the jury to decide, a court can find that a party has failed to exercise due diligence as a matter of law where due diligence failures are particularly egregious.” Fin. Sec. Assur., Inc. v. Stephens, Inc., 500 F.3d 1276, 1289 (11th Cir. 2007).

An act undertaken with knowledge of a possible violation of a statute like the Trading with Enemy Act (TWEA) is considered a violation of the statute. Knowledge of the statutory requirements is immaterial to guilt or innocence. To prove such a violation, “[t]he government must prove that appellants ‘had knowledge of [the restrictions] and acted with the specific intent to circumvent those requirements.’” United States v. Tooker, 957 F.2d 1209, 1214 (5th Cir. 1992), as amended on denial of reh’g (May 8, 1992) (quoting United States v. Granda, 565 F.2d 922, 924 (5th Cir.1978)).

Further, “[t]he government is not required to establish that [the person] had knowledge of the specific regulations governing his conduct …” United States v. Dien Duc Huynh, 246 F.3d 734, 743 (5th Cir. 2001).

The Third Circuit found against a defendant’s conduct in availing the guidance from OFAC before engaging in transactions with Iran and observed that “the record reveals [the defendant] only halfheartedly availed himself of the opportunity to receive definitive guidance from OFAC.”  United States v. Amirnazmi, 645 F.3d 564, 590 (3d Cir. 2011). The court further held that “[defendant’s] refusal to provide OFAC with the detailed information that might have allowed the agency to offer reasoned guidance supports the District Court’s conclusion [against the defendant].” Id. “Moreover, OFAC’s interpretive rulings do not cast doubt on the ability of reasonable persons to appreciate whether their conduct was prohibited.” Id.

Therefore, the utmost care must be exercised in undertaking transactions involving exports, and due diligence requires that parties seek administrative clarification should any doubt arise regarding the legality of their transaction: “[s]hould uncertainty lurk that is not purely hypothetical, however, administrative vehicles are available for clarification.” Humanitarian Law Project v. U.S. Treasury Dep’t, 578 F.3d 1133, 1147 (9th Cir. 2009).

The administrative vehicles available for clarification are explained as:

Individuals or institutions in doubt about the propriety of proposed activities may call the Department of Treasury’s compliance hotline; e-mail the Treasury’s e-hotline mailbox; call Treasury’s licensing division, or apply for a license; and consult an attorney in the Chief Counsel’s Office, or submit a request for a written interpretation of whether the proposed activity would constitute a violation.

Id., n13 at 1147 (9th Cir. 2009).

Due diligence in e-commerce to ensure adherence to sanctions and anti-terrorist laws requires compliance with EAR and OFAC regulations. “The EAA authorized the Secretary of Commerce to issue regulations prohibiting or curtailing exports in order to protect or further the national security, foreign policy, or short-supply interests of the United States.” United States v. Elashyi, 554 F.3d 480, 492 (5th Cir. 2008). “To carry out those functions, Commerce promulgated the Export Administration Regulations (“EAR”), which set forth exporters’ obligations.” Id.

EAR

The references to the Export Administration Regulations (EAR) are references to 15 CFR chapter VII, subchapter C.

  • 734.3 ITEMS SUBJECT TO THE EAR

(a) Except for items excluded in paragraph (b) of this section, the following items are subject to the EAR:

(1) All items in the United States, including in a U.S. Foreign Trade Zone or moving intransit through the United States from one foreign country to another;

(2) All U.S. origin items wherever located;

(3) Foreign-made commodities that incorporate controlled U.S.-origin commodities, foreignmade commodities that are ‘bundled’ with controlled U.S.-origin software, foreign made software that is commingled with controlled U.S.-origin software, and foreign-made technology that is commingled with controlled U.S.-origin technology:

(i) In any quantity, as described in § 734.4(a) of this part; or

(ii) In quantities exceeding the de minimis levels, as described in §§ 734.4(c) or 734.4(d) of this part;

(b) The following items are not subject to the EAR:

(2) Prerecorded phonograph records reproducing in whole or in part, the content of printed books, pamphlets, and miscellaneous publications, including newspapers and periodicals; printed books, pamphlets, and miscellaneous publications including bound newspapers and periodicals; children’s picture and painting books; newspaper and periodicals, unbound, excluding waste; music books; sheet music; calendars and calendar blocks, paper; maps, hydrographical charts, atlases, gazetteers, globe covers, and globes (terrestrial and celestial); exposed and developed microfilm  reproducing, in whole or in part, the content of any of the above; exposed and developed motion picture film and soundtrack; and advertising printed matter exclusively related thereto.

(3) Publicly available technology and software, except software classified under ECCN 5D002 on the Commerce Control List, that:

(i) Are already published[6] or will be published as described in §734.7 of this part;

(ii) Arise during, or result from, fundamental research, as described in §734.8 of this part;

(iii) Are educational, as described in §734.9 of this part;

(iv) Are included in certain patent applications, as described in §734.10 of this part.

  • 734.9 EDUCATIONAL INFORMATION

“Educational information” referred to in §734.3(b)(3)(iii) of this part is not subject to the EAR if it is released by instruction in catalog courses and associated teaching laboratories of academic institutions.[7] Dissertation research is discussed in §734.8(b) of this part. … Note that the provisions of this section do not apply to encryption software classified under ECCN 5D002 on the Commerce Control List, except publicly available encryption object code software classified under ECCN 5D002 when the corresponding source code meets the criteria specified in § 740.13(e) of the EAR …

Apart from the above exceptions, all exports and re-exports are subject to EAR. Further, “the release of any item to any party with knowledge a violation is about to occur is prohibited by § 736.2(b) (10) of the EAR.” 15 C.F.R. § 734.2(b) (2) (ii).

The term “export” is defined by EAR as:

“Export” means an actual shipment or transmission of items subject to the EAR out of the United States, or release of technology or software subject to the EAR to a foreign national in the United States, as described in paragraph (b)(2)(ii) of this section. See paragraph (b) (9) of this section for the definition that applies to exports of encryption source code and object code software subject to the EAR.

15 C.F.R. § 734.2 (b) (1)

Export of encryption source code and object code software means:

The export of encryption source code and object code software controlled for “EI” reasons under ECCN 5D002 on the Commerce Control List (see Supplement No. 1 to part 774 of the EAR) includes downloading, or causing the downloading of, such software to locations (including electronic bulletin boards, Internet file transfer protocol, and World Wide Web sites) outside the U.S., or making such software available for transfer outside the United States, over wire, cable, radio, electro-magnetic, photo optical, photoelectric or other comparable communications facilities accessible to persons outside the United States, including transfers from electronic bulletin boards, Internet file transfer protocol and World Wide Web sites, unless the person making the software available takes precautions adequate to prevent unauthorized transfer of such code. See § 740.13(e) of the EAR for notification requirements for exports or reexports of encryption source code software considered to be publicly available consistent with the provisions of § 734.3(b)(3) of the EAR. Publicly available encryption software in object code that corresponds to encryption source code made eligible for License Exception TSU under section 740.13(e) is not subject to the EAR.

15 C.F.R. § 734.2 (b) (9) (ii)

The ‘release of technology’ is defined as:

Technology or software is “released” for export through:

(i) Visual inspection by foreign nationals of U.S.-origin equipment and facilities;

(ii) Oral exchanges of information in the United States or abroad; or

(iii) The application to situations abroad of personal knowledge or technical experience acquired in the United States.

15 C.F.R. § 734.2 (b) (3)

Requirements to comply with before exporting

Certain additional requirements are to be complied with before exporting or re-exporting items which are not prohibited by EAR. They include:

(A) The access control system, either through automated means or human intervention, checks the address of every system outside of the U.S. or Canada requesting or receiving a transfer and verifies such systems do not have a domain name or Internet address of a foreign government end-user (e.g., “.gov,” “.gouv,” “.mil” or similar addresses);

(B) The access control system provides every requesting or receiving party with notice that the transfer includes or would include cryptographic software subject to export controls under the Export Administration Regulations, and anyone receiving such a transfer cannot export the software without a license or other authorization; and

(C) Every party requesting or receiving a transfer of such software must acknowledge affirmatively that the software is not intended for use by a government end-user, as defined in part 772, and he or she understands the cryptographic software is subject to export controls under the Export Administration Regulations and anyone receiving the transfer cannot export the software without a license or other authorization. BIS will consider acknowledgments in electronic form provided they are adequate to assure legal undertakings similar to written acknowledgments.

15 C.F.R. § 734.2 (b) (9) (iii)

Export or re-export of items subject to EAR is further restricted per § 736.2 based on the following:

(1) Classification of the item. The classification of the item on the Commerce Control List (see part 774 of the EAR);

(2) Destination. The country of ultimate destination for an export or reexport (see parts 738 and 774 of the EAR concerning the Country Chart and the Commerce Control List);

(3) End-user. The ultimate end user (see General Prohibition Four (paragraph (b)(4) of this section) and Supplement No. 1 to part 764 of the EAR for references to persons with whom your transaction may not be permitted; see General Prohibition Five (Paragraph (b)(5) of this section) and part 744 for references to end-users for whom you may need an export or reexport license).

(4) End-use. The ultimate end-use (see General Prohibition Five (paragraph (b)(5) of this section) and part 744 of the EAR for general end-use restrictions); and

(5) Conduct. Conduct such as contracting, financing, and freight forwarding in support of a proliferation project as described in part 744 of the EAR.

Exports, re-exports, and other conduct with respect to items under general prohibition may not be made without “a license from the Bureau of Industry and Security (BIS) or qualify under part 740 of the EAR for a License Exception from each applicable general prohibition in this paragraph.” 15 C.F.R. § 736.2 (b).

OFAC Regulations on Keeping Records of Transactions

Keeping records of transactions is another requirement for due diligence.

Except as otherwise provided, every person engaging in any transaction subject to the provisions of this chapter shall keep a full and accurate record of each such transaction engaged in, regardless of whether such transaction is effected pursuant to license or otherwise, and such record shall be available for examination for at least 5 years after the date of such transaction.

31 C.F.R. § 501.601.

Educational Services Transactions with Iran

OFAC has provided License G for authorizing certain educational services with Iran.

31 C.F.R. Part 560 provides for:

(1) U.S. academic institutions, including their contractors, are authorized to export services:

(iii) to individuals located in Iran, or located outside Iran but who are ordinarily resident in Iran, to sign up for and to participate in undergraduate level online courses (including Massive Open Online Courses, coursework not part of a degree seeking program, and fee-based courses) provided by U.S. academic institutions in the humanities, social sciences, law, or business provided that the courses are the equivalent of courses ordinarily required for the completion of undergraduate degree programs in the humanities, social sciences, law, or business, or are introductory undergraduate level science, technology, engineering, or math courses ordinarily required for the completion of  undergraduate degree programs in the humanities, social sciences, law, or business.

(c) This general license does not authorize:

(1) The exportation or reexportation of any goods (including software) or technology (see 31 C.F.R. § 560.418 & Note 1 addressing releases of technology or software to foreign nationals) to (i) the Government of Iran, or (ii) Iran, except for technology or software released under this General License that is designated as EAR99 under the Export Administration Regulations, 15 C.F.R. parts 730 through 774 (the “EAR”), or constitutes Educational Information not subject to the EAR, as set forth in 15 C.F.R. 734.9, and the release does not otherwise require a license from the Department of Commerce; or

(2) The exportation or reexportation of services to any person whose property and interests in property are blocked pursuant to any part of 31 C.F.R. chapter V other than part 560.

Note 2 to General License G: United States depository institutions or United States registered brokers or dealers in securities are authorized to process transfers of funds in furtherance of activities authorized by this general license so long as the transfer is consistent with 31 C.F.R. § 560.516.

Note 3 to General License G: United States depository institutions and private loan companies are authorized to engage in all transactions necessary to collect, accept, and process student loan payments from persons in Iran or ordinarily resident in Iran under 31 C.F.R. § 560.551

CONCLUSION

The penalties for violations of EAR are severe. Moreover, the items subject to EAR are “dual use” items meaning the item has civil applications as well as terrorism or weapons of mass destruction application. Therefore, extreme care and caution should be exercised when dealing with the provisions of EAR intended to protect the interests of national security and foreign policy of the U.S. Due diligence require a person or entity engaged in e-commerce to adhere to the EAR and OFAC regulations. This include precautions to be taken while deciding the items to export, to whom to expor,t and to seek clarifications from OFAC or Department of Commerce when faced with confusion.

[1] 15 C.F.R. § 734.2 (b) (9) (iii) Full text provided in “Requirements to comply with before exporting”, page 8.

[2] 15 C.F.R. § 736.2 (b) Text in p. 10

[3] 31 C.F.R. § 501.601 Full text in p. 10 (OFAC Regulations on Keeping Records of Transactions).

[4] http://www.treasury.gov/resource-center/faqs/Sanctions/Pages/faq_general.aspx#basic

[5] http://www.export.gov/regulation/eg_main_018216.asp

[6] § 734.7 Published information and software.

(a) Information is ‘‘published’’ when it becomes generally accessible to the interested public in any form, including:

(1) Publication in periodicals, books, print, electronic, or any other media available for general distribution to any member of the public or to a community of persons interested in the subject matter, such as those in a scientific or engineering discipline, either free or at a price that does not exceed the cost of reproduction and distribution (See Supplement No. 1 to this part, Questions A(1) through A(6));

(2) Ready availability at libraries open to the public or at university libraries (See Supplement No. 1 to this part, Question A(6));

If the content of on line courses offered by ANA satisfies the requirement of ‘published’, then it may be exempt from EAR.

[7] Academic institution generally refers to primary or secondary schools and institutions providing undergraduate and post graduate education. American Nurses Credentialing Center, a subsidiary of ANA, accredits organizations which use ANCC criteria to plan, implement and evaluate continuing nursing education (CNE). (http://www.nursecredentialing.org/PrimaryAccreditation). If the ANCC can be considered as an academic institution, then educational information offered in catalog courses of ANCC may be exempt from EAR.

 


Inside E-commerce OFAC Due Diligence