FTC: State Registries Put Kids’ Inboxes at Risk

State laws that set up “Do Not E-mail” registries for children are actually putting those kids’ contact info at risk, according to a letter penned by the Federal Trade Commission (FTC).

The letter’s ostensible purpose is to address proposed child protection legislation in Illinois; but it also appears designed to warn other states that have set up — or are considering setting up — such lists of their inherent dangers.

“Because such a registry cannot be effectively monitored for abuse, it may have the unintended consequence of providing spammers with a mechanism for verifying the validity of email addresses,” the letter states. “This consequence may actually increase the amount of spam sent to registered children’s addresses in general, including spam containing adult content.”

Utah and Michigan have already passed legislation to create such lists. The well-meaning laws are meant to protect children from commercial messages that promote adult content and other products prohibited to them. However, the FTC asserts such registries have the reverse effect. It says they let unscrupulous marketers quickly identify and sell to kids, since they offer an available database of verified email addresses. Meanwhile, it asserts they hurt legitimate marketers, who must spend money and time comparing their lists against them.

These databases are vulnerable, the FTC notes, because they typically work by scrubbing existing lists and returning those lists with the contact information of registered children either highlighted or removed. Unethical parties can thereby deduce which individuals on its pre-scrubbed list are children, and then email them. Finding and prosecuting spammers is notoriously difficult.

The FTC assembled the letter at the request of Illinois Representative Skip Saviano, who in September sought the agency’s feedback on pending Illinois HB 0572.

The Illinois bill — nearly identical to the new laws in Utah and Michigan — has since died in committee and is unlikely to be revived. For that reason, it appears the FTC wrote its letter less for the benefit of Illinois than for other states where similar bills have passed or are under consideration.

“The FTC doesn’t have the ability to directly speak to Michigan or Utah unless asked. The timing of this letter is not coincidental and is entirely related to the Michigan and Utah…registries,” said Trevor Hughes, executive director of the E-mail Service Provider Coalition.

It’s unlikely either of those states will repeal their laws. The Utah registry has been implemented and reportedly contains email addresses “in the low thousands,” according to Hughes. A number of list-owners are scrubbing their lists against it now.

The Michigan law is slightly held up, because its fine structure requires an amendment that has yet to be signed by the governor. There’s a slim chance it will be blocked.

Hughes said the FTC is sending a deliberate message to those states that they’re hurting, not helping, kids — while warning other states to think twice about enacting similar legislation.

“I would hope that this letter from the FTC will dissuade any legislator in any state from even considering such an idea,” he said. “This is no longer an issue of the email marketing industry complaining about added costs. This is about the FTC telling these states they are about to put kids’ email addresses at risk.”

Hughes added, “It’s the best-intended but most ill-conceived legislation I’ve ever seen in my tenure as executive director of the E-mail Service Provider Coalition.”

Related reading