I can’t help but get a little bit of personal satisfaction out of this story.  It seems that Dell Computers was engaged in a large scale “shell” game or “bait and switch” scheme in New York.  A New York judge recently found that Dell misled consumers repeatedly by engaging in “false and deceptive advertising” of its promotional financing terms/incentives and service warranties.  The New York Attorney General’s (“AG”) office logged over 1,700 complaints from consumers.

Dell was luring consumers to purchase its computers by offering free financing, rebates, upgrades, and  other incentives for “well qualified” customers.  However, according to the AG, as few as 7% of consumers actually qualified for the promotions.  The vast majority of applicants were instead offered hefty interest rates between 16% to 30%, conveniently financed through Dell Financial Services.  The judge, among other things, enjoined Dell from advertising certain promotions without first  prominently disclosing to consumers how many applicants were likely to qualify for them.

On the service end of things, the judge found that many consumers were placed on hold for technical support for inordinately long periods of time, had to call repeatedly to get through to a technical representative (who I’ve found to be useless anyway), and many instances where the company refused to provide on-site service.  Some customers apparently waited for months or even years for service.  So much for their “next day” service guarantee.

As an owner of 2 Dell computers that have been nothing but trouble within months of buying them, it’s somewhat gratifying to see the company get slammed for its deceptive conduct.  Almost all of my experiences with Dell’s technical support have been, uh, well—what’s the Hindi word for “abysmal”?  I stopped calling them long ago and now use my own pricey IT consultant.  In any case, my frustrations are clearly widespread and well-founded.

As I’ve said before, the “unfair or deceptive” standard used by almost any AG’s office is an especially broad one that easily encompasses conduct which may not meet the higher standard used for “fraud.”  With fraud, it must be shown that a company actually knew that what it was doing was wrong—although in this case, the folks at Dell seemed to be fully aware of their actions.  How could they not be? 

But an AG doesn’t need to jump through hoops to prove fraud anyway.  Showing unfair or deceptive conduct is much easier.  And once the AG has a high-profile and wealthy corporate defendant in its sites that is the subject of 1,700 consumer complaints, rest assured that it will  pursue the company vigorously.  Given my own problems with Dell, I say: “Give ‘em hell!”

Just a quick follow-up to a post I wrote a few weeks ago about “Spam King” Sanford Wallace.  Wallace had been defaulted by a federal district court in California in a suit brought by MySpace for running a spamming and phishing scam on the site.

The court recently awarded MySpace $230 million against Wallace in what is apparently the largest spam award yet.  Of course, chances are that MySpace will never see a penny of that money—or if they do, it will be a miniscule fraction of the award.  Of course, no one will shed a tear if MySpace drives Wallace into bankruptcy.  It won’t stop him anyway.

And MySpace doesn’t need the money.  But it’s a symbolic victory and a great public relations plug for the company.  It gives MySpace bragging rights to its users, attorneys general of all 50 states, and the federal government that it takes these issues seriously and doesn’t waver—even though getting a default judgment is not all that difficult to do.  Hopefully, MySpace will pursue it further and try to actually collect on the award.

According to a new survey by Forrester Research, 41% of large companies (those having at least 20,000 employees) either read or analyze the contents of outbound e-mail.  They’re either paying other employees to read them or presumably using any number of commercially available software programs to analyze them. 

44% of the companies surveyed investigated a confidential data breach involving e-mail in the past year, while 26% said they fired an employee for violating the company’s e-mail policy.  Companies also expressed concern over employees leaking information on message boards, blogs, and other electronic media.

Quite frankly, I’m surprised only 41% of large companies are doing this (although it depends on the industry).  I would have expected it to have been much higher given the daily parade of data and privacy breaches in the news.  After all, it’s large companies that have the financial and human resources to implement widescale e-mail monitoring systems.  Smaller companies may be in a much different situation.

Of course, many employers find it distasteful to engage in this type of monitoring.  It can, if not handled properly, be destructive to employee morale and have lasting effects.  Nevertheless—for better or worse—many employees are slowly coming to grips with their employers’ monitoring efforts.  It’s just becoming a fact of life. 

But the truth is, I’ve had clients whose employees have e-mailed confidential and sensitive company data.  Some workers do it without thinking about it, while others are far more malevolent in their intentions.  This is especially the case when employees leave their companies on bad or poor terms.  So it’s a very real problem for employers that has very real consequences.  Thus, like it or not, monitoring will only continue to increase. 

Bottom Line:  Be careful.  You don’t have any right to privacy when you’re at work.  So don’t think that anything you send—whether to a spouse, boyfriend, girlfriend, doctor, stockbroker, or anyone else—is private.  Even if you have to send it and it can’t wait until you get home, an employer is within its rights to read your e-mail, no matter how private the subject matter.  Of course, what it does with that information is another matter.

In today’s world, where fraud is just a mouse click away, it’s nice to know that every so often the good guys win.  Three international hackers were indicted by the Department of Justice (“DOJ”) last week for trying to steal and sell credit card information from customers of Dave & Buster’s, the popular restaurant/entertainment chain.

According to the indictment, the hackers were able to install “packet sniffers” on many of the company’s servers to copy credit card information as it traveled between restaurants and Dave & Buster’s corporate headquarters in Dallas.  The company detected the intrusion and alerted the authorities, but not before 5,000 credit/debit card numbers were stolen and sold to other criminals to make fraudulent purchases.

One of the foreign hackers was arrested in Miami.  No problem there.  The other two, however, were arrested in the Ukraine and in Germany by those countries’ authorities.  It’s certainly not a done deal yet.  The DOJ is seeking the extradition of the other two, but no word yet whether those efforts will be successful. 

While these sorts of arrests are still few and far between given the magnitude of data theft and online fraud, it’s a start.  The DOJ is obviously taking the problem seriously.  Hopefully, other countries will too and the cooperation will continue.  With any luck, if these hackers are extradited, tried, and found guilty, the court will make an example out of them. 

It’s always refreshing to see companies take affirmative steps to try and protect users from malicious programs that can be inadvertently downloaded onto their computers.  Yahoo and McAfee are joining forces to unveil a new security feature designed to warn Yahoo users about potentially dangerous links to software such as adware, spyware, keystroke loggers, and other malicious programs.  Yahoo users will see a red exclamation point and a warning next to any links that McAfee has identified as containing harmful software.

It’s a good start and is one more weapon in the fight against increasingly sophisticated hi-tech criminals.  However, it’s only a matter of time before this new service becomes the target of lawsuits by companies who are identified as “false positives.”  That is, legitimate companies whose links are mistakenly identified as being malicious.

Remember the “real-time blackhole list (“RBL”)?”  This was a Mail Abuse Prevention Service (MAPS) which published lists of ISP addresses which were known to be associated with spammers.  A network could then filter out any questionable e-mail traffic and it would disappear in a metaphorical “black hole” and never reach its destination.

This prompted lawsuits from companies (who called themselves “e-mail marketers”) against RBL providers who claimed that they were being defamed by being erroneously or improperly included on these lists.   (They also included “false light” and restraint-of-trade claims.)  While most suits were dismissed or unsuccessful, they were designed to target and harass RBL providers who devised an otherwise sensible solution to an evergrowing spam problem.

It’s only a matter of time before some disgruntled company sues Yahoo and/or McAfee for being falsely identified to users as a provider of malicious software.  (Due to the Yahoo Terms of Service agreement, users will be unable to successfully sue if some malicious links or sites slip through.)   Still though, despite the threat of lawsuits, Yahoo and McAfee should be commended for trying to develop a solution—however temporary or imperfect—to this problem.  Of course, if any of my clients end up being falsely identified as providers of malicious software, then those companies will hear from me.  Until then, the battle continues.  

What a shock.  Lobbyists always get all of the best legislation through.  A House committee passed proposed legislation last week, the “Pro IP Act,” which would increase the penalties for illegally copying and distributing  movies and music.  The bill would also create a White House-level position termed an “Intellectual Property Czar.”  And therein lies one of the bills more serious stumbling blocks.

The bill heads to the House floor for a full vote this summer.  The Senate version of the bill is currently in committee.  Even if it passes Congress, there’s no guarantee that the President will sign it into law.  The White House reportedly has “very serious concerns with the legislation.”  So a veto is still possible.

Not surprisingly, the bill is championed by the music and movie business, as well as by other industries that have a great deal invested in their intellectual property (“IP”).  However, the Department of Justice has serious misgivings about the bill, particularly when it comes to a White House official who could interfere with the DOJ’s independence in matters involving criminal enforcement of IP laws. 

 The DOJ is rightly concerned that such a position could become “easily politicized.”  But what can’t in Washington anymore?  The DOJ certainly isn’t immune either.  Remember the Alberto Gonzalez scandal last year regarding the politically-motivated firings of federal prosecutors who were not perceived as being loyal enough to the Republican party and the current administration?  So politics is inescapable.  It’s only a matter of degree.

But the DOJ has a point and common sense will hopefully prevail.  While the DOJ is obviously not immune from political pressure either, it’s certainly more immune than a White House official is—at least in theory.  And installing an official beholden to the concerns of certain industries only sends yet another message to empower special interest groups with large checkbooks.  At a time when election-year politicians, watchdog groups, and voters alike are decrying the massive influence of lobbyists, installation of an “IP Czar” will only serve to escalate the rhetoric.   

Second, as a general matter, never trust the title of any position that has the word “czar” in it, even informally.  I regard that as somewhat—oh, what’s the word?— “undemocratic.”  Few will deny that IP theft and infringment threatens the viability of numerous industries.  But creating a special Cabinet-level position is not the answer.

Despite the House’s attempt to “clarify” and limit the czar’s role to “coordinat[ing] anti-piracy efforts across government” and not to “making policy,” what does this really mean from a practical perspective?  Wide scale coordination efforts seem to imply a certain amount of policy-making authority.  And historically, “czars” usually haven’t been subject to too much control.

Besides, why an “IP Czar” anyway?  Why not create an “Outsourcing Czar?”  With some studies estimating that 1 million to 2.5 million American jobs have been lost due to outsourcing, this issue affects far more people across many more industries.  Or how about a “Healthcare Czar?”  That’s an issue which affects everyone.  Oh yes, that’s right.  The common man has no lobbyist.  All we have are legislators.  

The short answer:  No.  Spam will continue to be one of the internet’s most enduring problems.  But it’s always nice to see a few small victories here and there.  Sanford Wallace, who earned the ignominious title of “Spam King,” is in the news once again. 

It seems that Mr. Wallace, in his infinite wisdom, decided to ignore a California federal district court’s order that he turn over requested documents to MySpace, one of the many plaintiffs who have sued him over the years (including AOL, Concentric Network Corp.,  Compuserve, Bigfoot, and the Federal Trade Commission), and provide a deposition to MySpace’s counsel.  According to the complaint, Mr. Wallace ran a phishing scam on MySpace and spammed thousands of its users.  Some people will just never learn.

The Spam King claimed that he was unable to comply because he was unaware of the requests and court orders, as he doesn’t accept mail (why might that be?) and also stated that he had a difficult time finding counsel (yes, we lawyers are always reluctant to take on new clients during a recession). 

The court didn’t buy it—no surprise there—and entered a default judgment against him.  Mr. Wallace is no stranger to default judgments:  He had previously been defaulted in May of 2006 in an action brought by the FTC and ordered to pay a fine of $4,089,500.  Moral of the story for Mr. Wallace:  Don’t break the law.  Moral of the story for everyone else:  Don’t ignore court orders.

In a separate recent spam case, Edward Davidson, who sent hundreds of thousands of e-mails with false headers, was sentenced to 21 months in prison and ordered to pay $715,000 to the IRS.  I suspect, however, that the bulk of the prison sentence was for the tax evasion charges, as it’s only a misdemeanor under the CAN-SPAM act to falsify header information.  Yet Mr. Davidson reportedly made at least $3.5 million sending out these e-mails.  And who says crime doesn’t pay?

While these cases are always satisfying to read, they are few and far between.  Spam is here to stay, regardless of the number of criminal prosecutions brought or default judgments entered.  First, the CAN-SPAM act only applies to spammers in the U.S.  A growing amount of spam is coming from overseas.  Most—if not all—of these foreign spammers are beyond the reach of U.S. law.  

Furthermore, many American spammers are reportedly using foreign servers to send their spam into this country.  Of course, if they could be identified, then the CAN-SPAM Act could be used against them (but it probably wouldn’t stop them anyway—just ask Sanford Wallace).  But you have to identify them first, which is exceedingly difficult when the servers are located outside of the U.S. 

So until the stakes for spammers increase substantially and other countries jump on the enforcement bandwagon, sending spam is still quite profitable—fines, penalties, and imprisonment notwithstanding.  Death penalty for spam, anyone?