Microsoft, Holomaxx, ISPs Reading Your Email

Way back on December 19th, John Levine posted Microsoft's response to the Holomaxx lawsuit. I haven't had a chance to read it in depth until now -- and let me tell you, it has been an interesting read. I'm not a lawyer (and I don't even play one on TV), but I think Microsoft is going to squash Holomaxx like a bug. John Levine calls this first response from Microsoft a "crushing brief" and I find that a suitable description.

As Microsoft points out, Section 230 of the Communications Decency Act clearly allows Microsoft to block this mail, overriding any other concerns or differences of opinion on permission, best practices, whatever. The case law seems clear to me, and I wonder why Holomaxx even bothered bringing this claim.

But wait, there's more. Holomaxx says that it shouldn't be blocked because it fully complies with CAN-SPAM. Every ignorant soul blocked at an ISP has raised this argument at one point or another. Microsoft replies with something very similar to what I would say if the same argument were raised to me:

"This is legally irrelevant. Nothing in the CDA purports to carve back a service provider's immunity merely because the plaintiff complies with the CAN-SPAM Act. Nor can Holomaxx point to anything in the CAN-SPAM Act which provides it a right to sue Microsoft despite the clear import of the CDA. Holomaxx's suggestion that CAN-SPAM compliance bears on the CDA ignores two federal statutes. Not surprisingly, courts have rejected arguments identical to Holomaxx's. For example, in e360Insight, as here, the plaintiff pointed to its alleged CAN-SPAM compliance as evidence that its e-mails were not properly the subject of CDA immunity. 568 F.3d at 608-09. The court rejected this theory, noting, "compliance with CAN-SPAM, Congress decreed, does not evict the right of the provider to make its own good faith judgment to block mailings." Id. at 608 ("Section 7707 of the [CANSPAM] Act says nothing in the Act shall 'have any effect on the lawfulness … under any other provision of law, of the adoption, implementation, or enforcement by a provider of Internet access service of a policy of declining to transmit, route, relay, handle or store certain types of electronic mail messages.'")."

Translated: CAN-SPAM says ISPs can filter whatever they want. They're free to block legally compliant messages. And the case law agrees. Hotmail, it seems, has a policy of blocking some CAN-SPAM compliant email messages, if those messages fail to comply with Hotmail's email-related policies. This is a long standing practice. It's not like Hotmail just up and decided last week that they don't want the spam. The rest of us have been aware of this for many years. I'm not quite sure why Holomaxx doesn't seem to "get it."

Most interestingly, Holomaxx alleges that Microsoft is violating the law by reading email messages Holomaxx has sent to various recipients. In response, Microsoft points out that the Wiretap act doesn't apply to STORED communications, i.e., the messages in question were sitting on a Hotmail server. They were not intercepted at all in that when accessed, they were not in transmission.

Now, here's where Microsoft answers a question of mine. A few weeks ago, I wondered out loud, does an ISP have a right to read a recipient's email messages? Microsoft says here that they do have that right.

"The statute is clear that no Wiretap Act violation can occur where, as here, one party to the communication has given prior consent. [...] Here, the recipients of Holomaxx's e-mails are users of Microsoft's e-mail services, such as Hotmail. [...] As such, [Hotmail users] provide broad consent for Microsoft to access or disclose e-mails sent to their accounts, so that Microsoft can effectively protect itself and its customers. Specifically, through Paragraph 6 of the Hotmail Terms of Service, account holders agree that: In particular, we [Microsoft] may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the service; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public."

And there you have it. I can't wait to read Holomaxx's next salvo in this fight. One wonders if their legal theories will improve.
Post a Comment