Is E-Mail in Spyware’s Crosshairs?

Now that Congress’s spam debate has subsided, all eyes are on spyware. In the past month, a number of states have either passed anti-spyware laws or introduced anti-spyware legislation. Congress even introduced a bill addressing the issue.

If you think spyware has nothing to do with your email marketing efforts, think again. Many of these bills could have a dramatic impact on email campaigns.

Defining Spyware

The same problem with nailing down an accepted definition for spam affects spyware. You know it when you see it, yet industry and legislators have a hard time defining it. Broadly, spyware is a software program that transmits information from a computer over the Internet to another computer without the user’s knowledge.

Unfortunately, many of the new spyware bills cover other unethical Internet practices. These may or may not relate to software applications.

Rather than come up with a strict definition for spyware (we don’t have one for spam), we can reverse-engineer a definition by explaining what spyware isn’t:

  • Cookies
  • Web beacons
  • Personalization technology, such as collaborative filtering
  • HTML or other images loaded from a Web server
  • Web analytics software that tracks user clickstream data
  • Software that tracks computer activities, expiration dates, or upgrade/update activity yet does not send activity information back to a host
  • Computer-to-online synchronization software powered by a user, such as Plaxo

The Spyware Debate Isn’t About Spyware

Legislators aren’t concerned software programs on your computer send information to a host computer. Such programs have been on your computer since the first time you turned it on. The root of the debate is the perennial issue email marketing faces: permission.

I commend legislators for defending consumer rights against misleading software downloads. Such software can drain computer resources and potentially invade consumer privacy by collecting and transmitting personally identifiable information that could lead to identity theft. Identity theft is quickly becoming the bane of Internet use. Any application that allows its proliferation should be quickly stopped.

The title of the recently introduced federal bill, Controlling Invasive and Unauthorized Software Act, demonstrates legislators are focused on elements of notice and choice, not spyware alone.

Utah Anti-Spam Law Déjà Vu

With a new federal law preempting commercial elements of state email laws, we can look back at the deluge of Utah’s anti-spam lawsuits and sigh in relief. Yet Utah is the first state to enact an anti-spyware law.

Utah’s Spyware Control Act has three key elements that may affect email marketing:

  • General email marketing uses. The act’s definitions are so related to software use in general that, theoretically, an email client could be in violation if it permits email to be delivered that encourages you to go to a Web site or allows tracking information to be sent without your knowledge.
  • Triggered email programs. Some of the most advanced email marketers integrate clickstream analysis into email marketing programs. It’s possible to trigger an email message following, for example, an abandoned shopping cart. This type of campaign is potentially a violation of the law.
  • E-mail-related push applications such as RSS. My ClickZ colleague Kathleen Goodwin regularly writes about the buzz around RSS. RSS programs could violate this law. Program hosts could track usage without user knowledge to enhance the relevance of future ads.

Here’s the déjà vu part: There’s a private right of action for any Web site registrant or trademark owner to enforce this law. In other words, the same law firms that targeted legitimate emailers with Utah’s anti-spam law may soon target legitimate emailers under this law.

Preemption Is Only Part of the Issue

After years of political wrangling, the email industry finally convinced legislators commercial elements of state email laws needed preemption. We may be obliged go down a similar path with a federal spyware law. Preemption is only part of the problem.

The bigger issue is permission-related. The pending law may again open a vigorous debate over opt-in versus opt-out. This typically ends in stalemates or spillovers from other pending laws.

The biggest concern the email industry faces with a spyware law isn’t spyware at all. Rather, it’s a reemerging debate surrounding overall online privacy, or even a multichannel privacy law that could affect the entire marketing industry.

The solution is not a No-Spyware Registry, but rather a specific review of the most threatening and fraudulent uses of spyware, coupled with bolstering the Federal Trade Commission’s (FTC’s) resources to track and enforce fraudulent cases.

How will spyware affect your email marketing efforts? Send me your thoughts.

Want more email marketing information? ClickZ E-Mail Reference is an archive of all our email columns, organized by topic.

Related reading