May 24, 2003  ·  Lessig

So on May 22, at 11:49am I posted my offer to spammers that I’d be happy to read their spam sent to a special spam email address if they promise to pay $500 for the privilege. At 9:58 this morning — less than 2 days later — I received my first acceptance. How exciting!

  • http://ansuz.sooke.bc.ca/lebwog.html Matthew Skala

    Far be it from me to question your legal opinion, but I wonder if A. the terms of this offer are enforceable, and B. it is a good thing for the terms of this offer to be enforceable. If you know that a human being reads your offer and chooses, having read the offer, to send you email, fine – I’m willing to accept that as valid contract formation and say that you should be allowed to charge the person your fee. But that is almost certainly not what’s going on here. Instead, the spammers are running automated programs that collect addresses and send mail to them with no per-address human intervention. It’s virtually certain that no human has ever sent mail to your “trap” address after reading the associated offer. Now it looks like you want to claim that contract formation has nonetheless occurred between you and the operators of the spam software. I’m sorry, but this is one case that I hope you’ll lose.

    On the one hand, it’s easy to say “Oh, spammers are bad, so they deserve whatever they get!” But I’m really worried about the consequences of saying “I can bind someone to a contract they haven’t read, containing any terms of my choice, just because their computer talked to mine.” It does not make it better to say “Well, they’re an evil person, so they deserve it!” and it doesn’t make it better to say “Well, they ought to have been expecting a contract and so they ought to have read it.”, when the protocol has no provision for that. If you can enforce contract terms on a spammer because they sent you mail, when you handed them your address with strings attached in a form you know perfectly well they had no reasonable liklihood of reading and no reason to expect to have to read, then what’s next?

    By that logic, I can bind you to whatever terms I wish when you visit my Web site. I can put those terms in an HTML comment. In Pig Latin subjected to ROT13 and then transliterated into Japanese hiragana. I can read that (with some difficulty, but I need to think carefully when reading regular legalese too), and I can provide server logs indicating that you downloaded it, so any further HTTP transactions between you and my server after that one, must indicate your acceptance, right? Even though I know it’s highly unlikely that any human ever saw or understood the contract terms. Of course, there are plenty of Web sites that already do claim to impose onerous contract terms on anyone who visits – but I think it’s really dangerous to allow contracts readable only by humans to be enforceably formed by transactions that are commonly made without human intervention.

    If we think we need to form contracts over the Net, then we need a protocol that will make clear, in a machine-readable way, exactly what protocol actions will result in contract formation, and as much about the nature of the contract being formed as possible. Existing HTML and SMTP systems do not qualify. Your offer looks to me a whole lot like the legendary press gang tactic – drop a coin in a mug of beer, give the mug to an unsuspecting victim, and if he accepts, well then he’s in the Navy whether he wants to be or not, because he’s accepted pay from a recruiting agent even though he did not know that that is what he was doing. I don’t want to go back to those days.

  • http://damon.to/blog/ damon

    Where is the offer text? I think the HREF may be messed up.

  • Karl

    The offer is here.

    -kd

  • john allspaw

    Matthew — you say “it�s really dangerous to allow contracts readable only by humans to be enforceably formed by transactions that are commonly made without human intervention.”

    you don’t think that there’s something wrong with saying that email harvesting bots for the sole purpose of sending spam is “commonly” done ? and without human intervention ? while it’s not illegal to screen-scrape email addresses from web pages, such as Professor Lessig’s blog here, it is becoming more and more illegal to send unsolicited email *TO* that address.

    your analogy of visiting a web page with an encoded terms of service doesn’t quite apply, either. the visiting of a web page and the protocols involved with such a transaction doesn’t impose any inconvenience to the owner of the web page, whereas receiving unsolicited email can be argued to be an inconvenience. (as are receiving junk faxes and telemarketing commercial phone calls, which are becoming illegal as well)

    just because the bot can’t read or accept the contract under which email to that address is permitted is no excuse for sending email to it in violation of that contract.

    basically, there shouldn’t be any email sent to that address. the burden of reading and/or accepting the contract falls on the individual who is responsible for running the email harvesting robot, and if he/she doesn’t read the contract, it’s not Mr. Lessig’s fault.

  • Romany

    Not sure if you already saw
    this…

    California senate passes antispam bill
    (By Carly Suppa, IDG News Service)

    Not waiting for the U.S. Congress to take action against spam, the California State Senate passed a bill Thursday that would turn spam from a misdemeanor to a felony offense and cost spammers an estimated US$500 per unsolicited e-mail sent….

  • http://www.billsaysthis.com BillSaysThis

    Larry, please be sure and post an entry when you receive your first check or conversely, when hell freezes over.

  • K. Ari Krupnikov

    The href in this post is broken and includes part of the post instead of the ID.

    Ari.

  • Karl

    Professor,

    It seems like the posting of this address on a site that is frequented is likely a downfall of any potential litigation. It is entirely possible that I, or any other visitor, could have taken your address and signed you up for any number of mailings. I’m pretty sure that all of this is done tounge-in-cheek, but if you are really hoping to succeed in collecting on the claim, I’d suggest you place a similar message on a site that is not so busy…perhaps one that is not even obviously linked to your page, such that people are far less likely to see it, but spambots can still access it.

    -kd

  • http://www.upsaid.com/watcherofweasels/ Watcher

    Have you considered the possibility that pobox.com could have sold your email address to some spam fiends?

  • James

    Matthew –

    Very smart post — your argument makes a lot of sense. In fact, Lessig’s apparent belief that spammers should be bound by the terms of the contract, even though the address was simply harvested by a program, would seem to result in fairly restrictive uses of the web. Don’t we want to allow machines to be able to harvest information (even if the harvesting, in this case, has unpleasant consequences)?

    To say that every person whose computer speaks to another computer, is held to have constructively assented to the terms of the contract, would seem to be an anti-innovation position to take.

    I’d be interested to hear Lessig’s response to your argument.

  • http://www.techstuff.ca/ Sandy McMurray

    I posted a similar message on my site shortly after your notice was posted.
    http://www.techstuff.ca/archives/archives/1443.html

    It took spammers much longer to grab the address from my site, but they did.

    So… how do I collect my money? ;-)
    Sandy