Federal Communications Commission.
Final rule.
In this document, the Commission adopts rules to implement those aspects of the Controlling the Assault of the Non-Solicited Pornography and Marketing Act of 2003 (CAN SPAM Act) directed to the Federal Communications Commission (FCC or Commission). Also, in this document, the Commission adopts a general prohibition on sending commercial messages to any address referencing an Internet domain name associated with wireless subscriber messaging services. Furthermore, the Commission clarifies the delineation between these new rules implementing the CAN SPAM Act and our existing rules concerning messages sent to wireless telephone numbers under the Telephone Consumer Protection Act (TCPA).
Effective October 18, 2004 except § 64.3100(a)(4), (d), (e) and (f) of the Commission's rules, which contain information collection requirements under the Paperwork Reduction Act (PRA) that are not effective until approved by Office of Management and Budget (OMB). Written comments by the public on the new and modified information collections are due November 15, 2004. The Commission will publish a document in the
Federal Communications Commission, 445 12th Street, SW., Washington, DC 20554. In addition to filing comments with the Secretary, a copy of any comments on the
Ruth Yodaiken, of the Consumer & Governmental Affairs Bureau at (202) 418–7928 (voice), or e-mail
This
This
In this
Section 14 (b)(1) of the CAN SPAM Act requires that the Commission adopt rules to provide subscribers with the ability to avoid receiving a “mobile service commercial message” unless the subscriber has expressly authorized such messages beforehand. An MSCM is defined in the CAN SPAM Act as a “commercial electronic mail message that is transmitted directly to a wireless device that is utilized by a subscriber of commercial mobile service” as defined in 47 U.S.C. 332(d) “in connection with that service.” The CAN SPAM Act defines an electronic mail message as a message having a unique electronic mail address that includes “a reference to an Internet domain.”
In the CAN SPAM
Few commenters directly addressed the scope of MSCMs, aside from references to forwarding, SMS, and similar technology discussed below. We agree with Dobson that the definition of MSCM should be limited to messages sent to addresses referencing domain names assigned by each CMRS carrier for mobile service message (MSM) service. This is consistent with the intent of the CAN SPAM Act in that section 14 of the CAN SPAM Act governs only those messages that are mobile services messages. We therefore adopt a definition of MSCM that is limited to a message transmitted to an electronic mail address provided by a CMRS provider for delivery to the subscriber's wireless device. Our definition of MSCM only applies to
Commenters in general agree with our proposal that Internet-to-phone SMS calls should be covered by section 14 of the CAN SPAM Act. National Association of Attorneys General (NAAG) and other commenters argue that the FCC should also address all SMS, whether Internet-to-phone or phone-to-phone SMS service. Several commenters raise the issue of whether MSCMs should include all types of message services, including those transmitting images, audio messages and those using short codes.
We conclude that the definition of MSCM under the CAN SPAM Act includes any commercial electronic mail message as long as the address to which it is sent or transmitted includes a reference to the Internet and is for a wireless device as discussed above. This holds true regardless of the format of the message, such as audio messages. We believe this interpretation best applies the statutory language to the evolving technology for delivering such messages. Therefore, messages sent using Internet-to-phone SMS technology are among messages covered by section 14 of the CAN SPAM Act when they include an Internet reference in the address to which the message is sent or delivered.
We find, however, that the CAN SPAM Act does not apply to those technologies that use other types of addresses or numbers to send or deliver messages to wireless devices. For example, as discussed above, we agree with those commenters who maintain that phone-to-phone SMS is not captured by section 14 of the CAN SPAM Act because such messages do not have references to Internet domains. However, we note that while section 14 of the CAN SPAM Act is limited in scope to messages sent or transmitted to addresses that have references to Internet domains, the TCPA provides separate protections for calls made to wireless telephone numbers (without such references). And, as we explained in the
As a preliminary matter, we noted in the
Most commenters argue that Congress intended section 14 of the CAN SPAM Act to be a flat prohibition on sending MSCMs unless authorized by a given subscriber, and that such a prohibition is, in fact, necessary to protect subscribers. NAAG indicates that wireless devices are often used not for receiving commercial messages, but rather as security and safety devices—for emergencies and to communicate with family members. NAAG contends that Congress intended to craft a flat prohibition unless the consumer first consented to receive the messages, and that any rule treating inaction by the consumer as consent to receive any commercial messages would conflict with Congressional intent. The Direct Marketing Association (DMA) argues that the prohibition should apply only to messages for which the recipient must pay. The National Association of Realtors (NAR) contends that a general prohibition without certain exceptions would harm small businesses.
We conclude that wireless subscribers would be best protected by a flat prohibition on sending MSCMs unless express prior authorization has been obtained from the subscriber. We agree that wireless devices are not ones on which subscribers would expect to receive commercial messages. We agree that it is the intrusive nature of such messages, in addition to the costs to receive them, which necessitates our adopting a ban unless the consumer has taken some action to invite them. We believe that NAR's concerns about the burden on small businesses are addressed by the exemption for express prior authorization, discussed below.
Verizon Wireless argues that a prohibition without an exemption for wireless providers would violate the First Amendment. We disagree. A flat prohibition here satisfies the criteria set forth in
Under the first prong, we find that there is a substantial governmental interest in protecting privacy. Congress found that “there is a substantial government interest in regulation of commercial electronic mail on a nationwide basis.” Specifically, Congress found that (1) electronic mail has become an extremely important and popular means of communication, (2) that the convenience and efficiency of electronic mail are threatened by the high volume of unsolicited commercial electronic mail, (3) that the receipt of unsolicited commercial electronic mail may result in costs for storage and/or time spent accessing, reviewing, and discarding such mail, and (4) that the growth in such electronic mail imposes significant monetary costs on providers of Internet access services, businesses, and educational and nonprofit institutions. NAAG notes that in addition to being intrusive in general, unwanted calls to wireless devices use battery power and interfere with a consumer's ability to use devices during emergencies.
We find that the rules we adopt today will advance those interests, and do so with regulations that are no more extensive than necessary. Under the second prong, the method we adopt directly advances the government's interest by alerting senders to the electronic mail addresses that are associated with mobile services and prohibiting the sending of such messages to wireless devices. Under the third prong, we have reviewed other possible options and we believe the method we adopt today, tailored to affect only those addresses associated with mobile service, is no more extensive than necessary. In addition, senders of such messages may continue to contact recipients that have provided express prior authorization to do so. Our conclusion is also consistent with Court of Appeals decisions regarding First Amendment challenges to the TCPA. We conclude we have the authority and a mandate to adopt measures to protect the public from such messages. We believe that a prohibition, combined with a domain name list as discussed below, is the most effective method, but it is no more extensive than necessary, to accomplish that end.
In the
We sought comment on several proposals to enable senders to recognize which addresses were associated with wireless devices. These included developing a list of domain names, requiring carriers to use standard subdomain names, requiring a registry of individual electronic mail addresses, incorporating challenge-response technology, and otherwise maximizing use of filters.
We believe that creating a list of Internet domain names associated with CMRS subscribers and prohibiting the sending of commercial messages to addresses using those domain names is the best option at this time to allow subscribers to avoid unwanted MSCMs. We believe that if senders are able to identify wireless subscribers by domain name, consumers and carriers alike will benefit. The record reveals that it is already industry practice for CMRS providers to use certain subdomains exclusively to serve their MSM subscribers and that these subdomains distinguish such customers from other customers. Therefore the burden on wireless providers, even small wireless providers, to supply such names for a directory would be minimal. In addition, we agree with those commenters who indicate that making available to senders of MSCMs a list of the domains used by wireless subscribers is the most efficient option to assist senders in complying with the rules.
Senders will need to check the list on a regular basis to avoid sending MSCMs to the domain names on the list. We believe that, due to the estimated small size of the list and the evidence that the list is anticipated to remain relatively static; the list is the option that imposes a burden that is no more extensive than necessary for senders as well. Furthermore, such a registry places no burdens on subscribers who wish to avoid unwanted MSCMs and it does not collect personal information about those subscribers. Subscribers need not change their electronic mail addresses or take any further action to avail themselves of the protections under section 14 of the CAN SPAM Act. Thus, despite the concerns of some commenters regarding other proposals in the
T-Mobile urges the Commission not to require wireless service providers to provide domain names for a domain name list. T-Mobile argues instead that a voluntary list would afford each provider the ability to choose whether to publicize its domain name. However, we note that many of these domain names are already widely known or publicly available. Congress has directed us to give all wireless consumers the ability to avoid unwanted MSCMs, and we have no authority to limit such protections to subscribers of those carriers that elect to submit a domain name to the list. Therefore, we decline to make the submission of domain names to the list voluntary for wireless providers.
Therefore, we require all CMRS carriers, including small carriers, to file with the Commission the names of all electronic mail domain names used to offer subscribers messaging specifically for mobile devices. Once we have obtained approval from the Office of Management and Budget (OMB) for information collections associated with these rules, the Commission will issue a separate public notice in this docket outlining the process for submitting this information and the timeframe for doing so. Carriers will also be required to file any updates to their listings with the Commission not less than 30 days before issuing subscribers a new or modified domain name. Carriers are encouraged to file updated information further in advance. In addition, to ensure the continued accuracy of the list, carriers must remove any domain name that has not been issued to subscribers or is no longer in use within 6 months of placing it on the list or last date of use.
We will make the official list of domain names available to the public from the FCC's website, in a similar fashion to the list of Section 255 Service Provider contacts. The list will be updated regularly. The Commission will issue a second public notice announcing the date on which senders of commercial electronic mail will have access to the domain name list from the Commission's website. Senders will then have an additional 30 days from the date the list becomes publicly available to comply with the rules to avoid sending MSCMs to wireless subscribers absent their express prior authorization.
As discussed above, to make such a list effective, we also adopt rules to prohibit the sending of any commercial
Persons initiating commercial messages would be expected to check the domain name list to ensure that they are not sending MSCMs without express prior authorization. While we will not require any person or entity to provide proof of when they consulted the domain name list, any person or entity may use as a “safe harbor” defense proof that a specific domain name was not on the list more than 30 days before the offending message was initiated. This “safe harbor” defense shall not excuse any willful violation of the ban on sending unwanted messages to wireless subscribers. Any person or entity will be considered in violation of the prohibition if the message is initiated knowingly to a subscriber of MSM service, even if it is sent within 30 days of the domain name appearing on the list. This prohibition applies to the entity on whose behalf the message is sent and to any other entity that knowingly transmits an MSCM without consulting the domain name list.
Cingular, Nextel, VeriSign and Verizon Wireless caution the Commission against requiring subdomain naming standards. They note this would be costly for subscribers, especially small businesses, who could have large administrative costs to change their advertising and business materials to reflect a new address. Cingular states that a subdomain naming standard would also force carriers to absorb considerable costs. Carriers argue also that any cost to protect wireless subscribers from unwanted commercial mail should fall instead to the senders of such mail. While we agree with NAAG and National Automobile Dealers Association (NADA) that a standard subdomain name would be simpler for senders, we believe it would be more burdensome for carriers, especially small businesses, to implement than a domain name list. In addition, we agree that, consistent with the intent of the CAN SPAM Act, subscribers should not have to bear additional costs, such as the administrative costs mentioned, in
Commenters generally oppose the establishment of a registry of individual subscriber addresses, even if it is limited to MSM subscribers. They contend that such a registry would not be secure, could enable spammers to send more unwanted electronic mail messages, and that the security risk would threaten consumer privacy interests. Commenters also maintain that such a registry would be burdensome for consumers and for senders, that there would be huge operational problems with setting up such a registry, that it would be ineffective, and that it would be costly to train senders to use it properly. The DMA submitted a detailed study demonstrating what it believes are significant problems with the security, practicality, and technical feasibility of such a registry. Only a few commenters argue that a registry of electronic mail addresses would be useful, with little or no support for their conclusions, and one commenter saying it would be beneficial if combined with other anti-spam measures.
Upon careful consideration of the costs and benefits of creating a national wireless do-not-e-mail registry of individual electronic mail addresses, we believe that the disadvantages of such a system described in the record outweigh any possible advantages at this time. A national registry containing individual electronic mail addresses would involve significant resources and cost to set up and administer. Because a registry of individual addresses may potentially contain millions of records, it could also be burdensome for senders of MSCMs, including small businesses, to regularly access, download, and use the registry to check against targeted addresses. It would be less burdensome to do the same with a much smaller list of mobile service domain names. Even if the resources were devoted to establishing such a registry, commenters describe serious concerns about a registry becoming a target for unscrupulous marketers who would target electronic mail addresses on the list. As noted by the DMA, other commenters, and by the FTC in a Report to Congress, because such a list would be considered valuable to such marketers, there is a significant risk that such individuals might be motivated to try to obtain the list specifically for the purpose of sending unsolicited messages to those addresses. The record also reveals that at this time such a registry would not be as effective as one containing only domain names. Commenters note that the annual rate for electronic mail address turnover is high'as much as 32 percent per annum. As the FTC noted, unlike the do-not-call registry, which uses phone databases to purge the list of disconnected phone numbers, there is no database for abandoned electronic mail addresses. Thus, any database containing such addresses would continually expand, and include valid and unused addresses. For all of these
We believe that it is the industry itself that can help give consumers additional protections and abilities to avoid unwanted electronic mail from sources other than legitimate businesses. Wireless and technology providers contend the Commission should not regulate in detail the wireless providers' efforts to combat unwanted messages. Those providers who commented in this proceeding note that they are aggressively working to stop unwanted messages. We applaud them for those efforts and do not want to interfere with this area of evolving technologies and market forces. We agree that at this time it is not necessary for the Commission to become involved in mandating detailed technical solutions. However, we strongly encourage providers to provide subscribers with additional reasonably effective methods to avoid receiving unauthorized MSCMs. We believe service providers should determine for themselves appropriate solutions to employ and offer, and we expect all providers to offer subscribers protections against unwanted messages. We will continue to monitor the effectiveness of our rules and the efforts of wireless providers to protect wireless subscribers from MSCMs and may revisit this issue at a later date to ensure that subscribers are afforded sufficient safeguards from all unwanted commercial messages.
Congress directed the FCC to adopt rules to provide consumers with the ability to avoid receiving MSCMs, unless the subscriber has provided express prior authorization to the sender. We sought comment on the form and content that such “express prior authorization” should take. Specifically, we sought comment on whether senders should be required to obtain a subscriber's express authorization in writing, and how any such requirement could be met electronically. We also asked if senders should be required to provide a notice to recipients about the possibility that costs could be incurred in receiving any such messages. We asked whether the term “affirmative consent” in The CAN SPAM Act would be suited to use in defining “express prior authorization.”
Commenters were generally split on whether the Commission should require senders to obtain express authorization from subscribers in writing. Wireless providers generally oppose any written authorization requirement, while consumers' groups contend that authorization should be obtained in writing, along with a signature. Wireless providers instead argue that senders should be allowed flexibility to obtain authorization via the Internet, orally over the telephone, or through messages sent to the subscriber's wireless device. Some suggest that consent forms requiring a signature would be impractical and hinder communications between sellers and consumers. NAAG, on the other hand, contends that the rules should be modeled after the Commission's “do-not-call” provisions, where express authorization must be evidenced only with a signed, written agreement between the consumer and seller which states that the consumer agrees to be contacted by the seller and includes the telephone number to which calls may be placed. Electronic Privacy Information Center (EPIC) warns that authorization not provided in writing may result in some senders falsely claiming they had the recipient's authorization to send MSCMs. EPIC adds that any authorization notice to the subscriber should be clear and conspicuous and written in plain language for the subscriber.
As mandated by the CAN SPAM Act, we require any sender of MSCMs to obtain the express authorization of the recipient prior to sending any MSCMs to that subscriber. We agree with those commenters that contend that “affirmative consent” as defined in the CAN SPAM Act is not suited to defining “express prior authorization” because protections for wireless subscribers are meant to be more stringent. Given the intent of Congress to afford greater protections from spam to wireless subscribers than to consumers generally, we believe that the burden must rest with the sender of MSCMs to obtain authorization from any subscriber prior to sending any MSCMs. Senders must also do so in a manner that best protects subscribers' privacy interests. However, we decline to require senders to obtain a subscriber's authorization in writing.
We will permit senders to obtain authorization by oral or written means, including electronic methods. A sender may obtain the subscriber's express prior authorization to transmit MSCMs to that subscriber in writing. Written authorization may be obtained in paper form or via an electronic means such as an electronic mail message from the subscriber. It must include the subscriber's signature and the electronic mail address to which MSCMs may be sent. Senders who choose to obtain authorization in oral format are also expected to take reasonable steps to ensure that such authorization can be verified.
We note here that in the event any complaint is filed, the burden of proof rests squarely on the sender, whether authorization has been obtained in written or in oral form. We do so to avoid the likelihood that any businesses will try to fabricate authorization. Given the potential costs and inconvenience to subscribers to receive such MSCMs, it is important that such messages be sent only to those wireless devices belonging to receptive subscribers. We strongly suggest that senders take steps promptly to document that they received such authorization. Recognizing the potential for fraud by both a person signing up someone else to receive MSCMs and by businesses fabricating authorization, we recommend that the business confirm the electronic mail address with a confirmatory notice sent to the recipient requesting a reply. We emphasize that sending any commercial message to a wireless device, including any falsely purporting to be confirmatory messages, is a violation of our rules unless the subscriber has already provided express prior authorization and the sender bears the burden of showing that has occurred.
Whether given orally or in writing, express prior authorization must be express, must be given prior to the sending of any MSCMs, and must include the electronic mail address to which such MSCMs may be sent. In addition, we believe that consistent with the intent of the CAN SPAM Act, consumers must not bear any additional costs to receive a request for authorization, and must be able to reply to such a request without incurring any additional costs. In addition to actual costs for such messages, as noted above, recipients may incur costs for time spent accessing, reviewing, and discarding such mail. Thus, senders are prohibited from sending any request for authorization to any wireless subscriber's wireless devices. Express prior authorization may not be obtained in the form of a “negative option.” If a
We emphasize that if the sender subsequently is notified by the subscriber that the subscriber does not wish to receive MSCMs, the sender must cease sending such messages within 10 business days of the receipt of such request in compliance with section 5(a)(4)(A) of the CAN SPAM Act. We note, however, that this 10-day time period may change should the FTC amend its rules. We delegate to the Consumer & Governmental Affairs Bureau the authority to amend the rules to reflect any updates in the time-frames adopted by the FTC.
A subscriber who provides an electronic mail address for a specific purpose,
We decline to carve out any exemptions from the “express prior authorization” requirements. We find that any exemption for a particular industry would be in direct conflict with the intent of the CAN SPAM Act to protect wireless subscribers from commercial electronic mail messages that they do not wish to receive. We also find that permitting senders to obtain authorization orally or in writing, addresses the concerns described by certain commenters in obtaining such authorization.
The legislative history demonstrates that section 14 of the CAN SPAM Act was included so that wireless subscribers would have greater protections from commercial electronic mail messages than those protections provided elsewhere in the CAN SPAM Act. Congress was concerned about the intrusive nature of wireless spam and the costs to subscribers associated with receiving such spam. Thus, we emphasize that any MSCM sender that claims its messages are transmitted based on oral, written, or electronic authorization must be prepared to provide clear and convincing evidence of such express prior authorization by the subscriber. The failure to obtain such authorization before sending MSCMs will be a clear violation of the CAN SPAM Act and Commission's rules.
Commenters suggested technical options for withdrawing authorization including a return electronic mail address, a hyperlink to a website, the use of short code mechanisms, telephone-based techniques such as those that allow the caller to use key pads, or some combination of the foregoing. Members of the U.S. House of Representatives and the Motion Picture Association of America, encourage the Commission to adopt a simple, streamlined electronic response technique to quickly withdraw prior authorization using a recipient's handset. Two commenters contend that requiring small businesses to set-up and maintain a website for the purpose of rejecting future messages would impose an unreasonable burden. NAAG contends the first screen of any MSCM should display the existence of an option to decline to receive messages and the means by which it can be exercised.
As a preliminary matter we note that section 5(a)(3) of the CAN SPAM Act requires that all commercial electronic mail include “a return electronic mail address or other Internet-based mechanism, clearly and conspicuously displayed.” Several commenters endorsed the applicability of the general provision of section 5(a)(3) of the CAN SPAM Act for MSCMs, indicating that a return electronic mail address or other Internet-based mechanism, such as a link to a website, would serve as a mechanism for electronically rejecting further items and should be included in any MSCM sent. We agree that this provision would need to be included in all MSCMs in
We believe, however, that more is required. Our decision is informed by the significant differences between the resources that may be available to recipients of MSCM and the resources available to recipients of electronic mail messages in general. In particular our definition of MSCM includes messages that originate on the Internet and that
Therefore, we conclude that in addition to the general requirement of the CAN SPAM Act that each MSCM have a functioning return electronic mail address or other form of Internet-based communication, a sender of an MSCM must provide the recipient with access to whatever mechanism they were given access to in
A sender may include other mechanisms at his discretion, so long as these basic requirements are met. The means by which a recipient notifies the sender that the recipient does not wish to receive additional MSCMs can impose no new requirements on the recipient beyond the means by which he provided prior express authorization. In addition, the sender may not subject the subscriber to further commercial advertising or solicitation as part of the procedure the recipient must use to reject future messages.
Consistent with CAN SPAM Act section 5(a)(3), for no less than 30 days following the transmission of an MSCM, all included mechanisms for acquiring express prior authorization must remain capable of receiving and honoring the recipient's rejection of further messages. As we indicate above, the sender must cease sending further messages within the amount of time that the FTC has allotted for senders to act upon requests for rejecting subsequent messages, currently set at 10 business days after receipt of any request from the subscriber.
In regards to small businesses, we note that the flexibility provided for obtaining express prior authorization and for notifying the sender of the subsequent rejection of further items addresses the concerns of small business interests that, for example, a small business not be required to set-up and maintain a new website. We further note that because the recipient must be given express prior authorization for any MSCM that arrives, we see no need to adopt NAAG's suggestion to require material regarding how to decline to receive more messages to be displayed on the first screen of any MSCM. Finally, the record does not indicate that provider services and subscriber devices currently support a common response-based technique that is simple for subscribers to use and that the Commission could adopt. We therefore encourage industry to develop an industry-standard means by which a subscriber can use his handset to easily respond to a sender that he no longer wishes to receive MSCMs. We will monitor whether industry has developed a standard means by which subscribers can use handsets to respond and may revisit this issue at a later date.
Section 14 (b)(3) of the CAN SPAM Act allows the Commission to exempt providers of commercial mobile services to the general prohibition on the sending of MSCMs. In doing so, the Commission must take into consideration the “relationship that exists between providers of such services and their subscribers.” However, as the CAN SPAM Act clearly states, our overall mandate is to protect consumers from unwanted MSCMs. The CAN SPAM Act does not require the Commission to provide an exemption, only to consider whether such an exemption would be appropriate. As a result, the Commission sought comment in the
In the
(i) To facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender; (ii) to provide warranty information, product recall information, or safety or security information with respect to a commercial product or service used or purchased by the recipient; (iii) to provide (I) notification concerning a change in the terms or features of; (II) notification of a change in the recipient's standing or status with respect to; or (III) at regular periodic intervals, account balance information or other type of account statement with respect to a subscription, membership, account, loan, or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender; (iv) to provide information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, participating, or enrolled; or (v) to deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender.
In light of the exclusions of those types of messages, we asked in the
NAAG, consumer groups, and a privacy organization argue that there is no basis for granting an exemption for CMRS providers. CMRS providers argue they should have an exemption—with two providers noting this should be only if the carriers do not charge subscribers for the messages they send. However, despite the
Based upon the record before us, we decline to grant CMRS providers a special exemption from the requirement to obtain express prior authorization from their current subscribers before sending them any MSCM. In reaching this decision, we are persuaded by commenters, including many consumer groups and individuals, who urge us to provide greater consumer protection for wireless consumers—protection that is not diluted by such an exemption. The CAN SPAM Act itself requires us to protect consumers from “unwanted” commercial messages, not only those that have additional costs. As commenters note, consumers are concerned with the nuisance of receiving such messages.
Several of these commenters emphasize that CMRS providers should not be exempt from the rules requiring express prior authorization because the bulk of CMRS providers' communications with their customers are already expressly exempted under the CAN SPAM Act as “transactional and relationship” messages. We agree that the few examples that CMRS providers supplied in the record appear to already fall within “transactional and relationship” messages or otherwise outside of the definition of “commercial” messages. For example, T-Mobile contends that it needs to be able to send notices to customers about fraud. As noted above, the CAN SPAM Act defines a “commercial electronic mail message” as an electronic message for which the “primary purpose” is the “commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose).” If the primary purpose of the message was to alert customers about fraud, we do not believe T-Mobile's example would fall within the definition of “commercial” and therefore would not fall under the CAN SPAM Act at all. In addition, Nextel provides the example of a carrier needing to send out an alert to a prepaid customer that his account balance is running low. If that was the primary purpose of the message, such a message would fall under the exemption for transaction and relationship message.
As noted previously, the FTC has authority to develop the criteria used to define whether a message is “commercial,” as well as any modifications for what is considered in the exemption of transactional and relationship messages. Therefore, we delegate to the Consumer & Governmental Affairs Bureau the authority to amend the rules we adopt today to ensure consistency with any rule the FTC adopts under the CAN SPAM Act to further define “commercial” and “transactional relationship” messages.
Although CMRS providers contend that an exemption should be provided, very little support for such an exemption was provided in the record in this proceeding. Much of the comment in support of the exemption is conclusory in nature. T–Mobile states that, by empowering the Commission to exempt wireless carriers from section 14 (b)(1) of the CAN SPAM Act, Congress has recognized that the MSCMs sent by wireless carriers are fundamentally different than MSCMs sent by all other senders. Cingular, Nextel and Sprint urge the Commission to presume that the customer is willing to receive information about their providers' new products and services. Nextel notes that, unlike third parties, wireless carriers can ensure that customers are not charged for such messages. Dobson states that, in many cases, a subscriber would prefer an SMS message from its carrier rather than a phone call or bill insert.
We note again that Congress' intent in including section 14 in the CAN SPAM Act was to afford wireless consumers greater protection from unwanted commercial electronic mail messages. Ultimately, we are persuaded that safeguarding wireless consumers from MSCMs, undiluted with an exemption for CMRS providers, will ensure that consumers receive “less, not more, spam.” The record shows that MSCMs sent by CMRS providers are not fundamentally different from those sent by other senders, other than that they may be provided without additional cost to subscribers. An MSCM from a CMRS provider may be just as intrusive, and costly in other respects, as an MSCM from a third party. As Congress noted, the receipt of unwanted mail can result in costs “for the storage of such mail, or for the time spent accessing, reviewing, and discarding such mail.” In addition, providers have unique channels such as monthly statements and web sites, through which they can request a subscriber's prior express authorization. We note that the rules we establish in this proceeding are sufficiently flexible to enable the CMRS provider to readily obtain the subscriber's express prior authorization in a number of ways, if a CMRS provider desires to send an MSCM to any wireless subscriber. For all of those reasons, a promise to make them cost-free alone does not suffice as justification for an exemption.
Accordingly, we decline to exempt CMRS providers from the requirement to obtain express prior authorization from their current subscribers before sending them any MSCM. For similar reasons, we also decline to create an exemption for other entities, such as realtors or small businesses. NAR argues that the MSCM rules should not apply to a real estate professional's communications to their clients about the services they are providing to that client, or to communications between associations and their members. As noted above, the CAN SPAM Act's existing exemption already broadly covers many transaction and relationship messages. Furthermore, the allowance for orally obtaining express prior authorization, which NAR advocates, should allow realtors to obtain such authorizations as needed. NAR has not established that messages sent by its members are fundamentally different from those sent by other senders. An MSCM from a real estate professional may be just as intrusive, and costly as an MSCM from any other entity. ACA International contends that messages sent to wireless devices for the primary purpose of collecting debts are not MSCMs as they are not “commercial” and therefore are exempt from the CAN SPAM Act. As we noted
We asked for comment on specific compliance issues that senders of MSCM might have with other sections of the CAN SPAM Act. We noted in the
Finally, CTIA contends that wireless carriers should be given special treatment with regard to general compliance with the information requirements of section 5 of the CAN SPAM Act, given that they can provide this data at the time of subscription and in each monthly bill. CTIA contends in a footnote that interpreting the statute to mean that CMRS providers would need to comply with all the information requirements of section 5 would render section 14 (b)(4) of the CAN SPAM Act meaningless. We disagree. Based on the information discussed above regarding messages sent by CMRS providers, we find there is no reason for treating them differently from other businesses.
As required by the Regulatory Flexibility Act of 1980, as amended (RFA), an Initial Regulatory Flexibility Analysis (IRFA) was incorporated in the
On December 8, 2003, Congress passed the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN SPAM Act) to address the growing number of unwanted commercial electronic mail messages, which Congress determined to be costly, inconvenient, and often fraudulent or deceptive. Congress found that recipients “who cannot refuse to accept such mail” may incur costs for storage and for “time spent accessing, reviewing, and discarding such mail.” The CAN SPAM Act prohibits any person from transmitting such messages with false or misleading information about the source or content, and gives recipients the right to decline to receive additional messages from the same source. Certain agencies, including the Commission, are charged with enforcement of the CAN SPAM Act.
Section 14 of the CAN SPAM Act requires the Commission to (1) promulgate rules to protect consumers from unwanted mobile service commercial messages, and (2) consider, in doing so, the ability of senders to determine whether a message is a mobile commercial electronic mail message. In addition, the Commission shall consider the ability of senders of mobile service commercial messages to comply with the CAN SPAM Act in general. Furthermore, the CAN SPAM Act requires the Commission to consider the relationship that exists between providers of such services and their subscribers.
On March 19, 2004, the Commission issued the
In 1991, the Telephone Consumer Protection Act (TCPA) was enacted to address certain telemarketing practices, including calls to wireless telephone numbers, which Congress found to be an invasion of consumer privacy and even a risk to public safety. The TCPA specifically prohibits calls using an automatic telephone dialing system or artificial or prerecorded message “to any telephone number assigned to a paging service, cellular telephone service, specialized mobile radio service, or other common carrier service, or any service for which the called party is charged.” The CAN SPAM Act provides that “[n]othing in this Act shall be interpreted to preclude or override the applicability” of the TCPA.
In 2003, we released a
In the
This
In addition, this
There were no comments filed that specifically addressed the rules and policies proposed in the IRFA.
The RFA directs agencies to provide a description of and, where feasible, an estimate of the number of small entities that may be affected by the rules adopted herein. The RFA generally defines the term “small entity” as having the same meaning as the terms “small business,” “small organization,” and “small governmental jurisdiction.” In addition, the term “small business” has the same meaning as the term “small business concern” under the Small Business Act. Under the Small Business Act, a “small business concern” is one which: (1) Is independently owned and operated; (2) is not dominant in its field of operation; and (3) satisfies any additional criteria established by the Small Business Administration (SBA).
The rules adopted in this
Sometimes when identifying small entities we provide information describing auctions' results, including the number of small entities that were winning bidders. We note, however, that the number of winning bidders that qualify as small businesses at the close of an auction does not necessarily reflect the total number of small entities currently in a particular service. The Commission does not generally require that applicants do not provide business size information, nor does the Commission track subsequent business size, except in the context of an assignment or transfer of control application where unjust enrichment issues are implicated.
As noted in paragraph [8], we believe that all small entities affected by the rules contained in this Order will fall into one of the large SBA categories described above. In an attempt to provide as specific information as possible, however, we are providing the following more specific categories.
In the
On January 26, 2001, the Commission completed the auction of 422 C and F Broadband PCS licenses in Auction No. 35. Of the 35 winning bidders in this auction, 29 qualified as “small” or “very small” businesses. Subsequent events, concerning Auction 35, including judicial and agency determinations, resulted in a total of 163 C and F Block licenses being available for grant.
The auction of the 1,053 800 MHz SMR geographic area licenses for the General Category channels began on August 16, 2000, and was completed on September 1, 2000. Eleven bidders won 108 geographic area licenses for the General Category channels in the 800 MHz SMR band qualified as small businesses under the $15 million size standard. In an auction completed on December 5, 2000, a total of 2,800 Economic Area licenses in the lower 80 channels of the 800 MHz SMR service were sold. Of the 22 winning bidders, 19 claimed small business status and won 129 licenses. Thus, combining all three auctions, 40 winning bidders for geographic licenses in the 800 MHz SMR band claimed status as small business.
In addition, there are numerous incumbent site-by-site SMR licensees and licensees with extended implementation authorizations in the 800 and 900 MHz bands. We do not know how many firms provide 800 MHz or 900 MHz geographic area SMR pursuant to extended implementation authorizations, nor how many of these providers have annual revenues of no more than $15 million. One firm has over $15 million in revenues. We assume, for purposes of this analysis, that all of the remaining existing extended implementation authorizations are held by small entities, as that small business size standard is approved by the SBA.
There are two distinct types of compliance requirements associated with this
As a result of this mandate, businesses wishing to send commercial electronic messages must avoid sending messages to addresses that reference the domain names for wireless devices unless they have obtained the subscriber's express prior authorization. To do this, senders may check the list of domain names. Thus, prior to sending a commercial message to that address, businesses must also obtain express authorization from any subscriber whose e-mail address includes a domain name that appears on the list. This express authorization may be obtained either by oral or written means and must be obtained only once until the subscriber revokes such authorization. Because the list of domain names is expected to be small, we do not anticipate the compliance burden of checking such a list to be great.
The RFA requires an agency to describe any significant alternatives that it has considered in developing its approach, which may include the following four alternatives (among others): “(1) The establishment of differing compliance or reporting requirements or timetables that take into account the resources available to small entities; (2) the clarification, consolidation, or simplification of compliance and reporting requirements under the rule for such small entities; (3) the use of performance rather than design standards; and (4) an exemption from coverage of the rule, or any part thereof, for such small entities.”
Initially, we note that the rules are intended to protect subscribers, including small businesses, from unwanted mobile service commercial messages. Congress found these unwanted messages to be costly and time-consuming for wireless subscribers. The rules adopted in this
One alternative considered by the Commission was a registry of individual e-mail addresses. This list would have been similar to the national “do-not-call” registry; however, after careful consideration of the costs and benefits of creating a national do-not-e-mail registry, including consideration of the burden on small businesses, we believe that the disadvantages of such a system outweigh the possible advantages. We would expect such a system to contain millions of records, which unlike the “do-not-call” registry would each be unique in length and type of characters, making searching and scrubbing of such a list difficult and time consuming, perhaps inordinately so for small businesses. Therefore, we instead chose to adopt rules requiring the registering of domain names used for mobile service with the Commission.
Unlike individual e-mail addresses, the list of domain names is limited and manageable. The record indicates that it is already wireless providers' practice to use certain domain names and that the establishment of such a list would not burden carriers, presumably not even small carriers, and would place the burden of complying with the CAN SPAM Act on the senders of commercial messages. No commercial e-mail can be sent to an address that contains one of the domain names that has been on the list for 30 days or the that sender otherwise knows to be for wireless service, unless the sender has obtained express authorization from the subscriber. The list of domain names will be available without cost from the Commission in an electronic format. While senders of commercial messages will not be required to provide proof that they consulted the wireless domain name list or that they consulted it at a particular time, any person or entity may use as a “safe harbor” defense the fact that a specific domain name was not on the list more than 30 days before the offending message was initiated. This “safe harbor” defense shall not excuse any willful violation—if the sender otherwise know the e-mail address to be protected—of the ban on sending unwanted messages to wireless subscribers. We expect that global searches of senders' electronic mail lists to identify the domain names will be easy and inexpensive.
A second alternative considered by the Commission was in the area of obtaining express authorization. The Commission has declined to require that the express authorization be in writing. Senders, who must obtain this authorization before sending commercial electronic messages, are permitted to obtain such authorization by oral or written means, including electronic methods. Although not alleviating the entire burden on small businesses, the record would suggest that there is less of a burden if authorizations can be made orally instead of in writing. If the authorization is in writing, it may be obtained in a variety of ways—including paper form or electronic mail. By
The Commission will send a copy of the
Accordingly, pursuant to authority contained in sections 1–4, 222, 227 and 303(r) of the Communications Act of 1934, as amended; 47 U.S.C. 151–154, 222, 227, and 303(r); and the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, Public Law 108–187, 117 Statute 2699; 15 U.S.C. 7701–7712, the
The requirements of this
The Commission delegates to the Consumer & Governmental Affairs Bureau the authority to amend the rules to reflect any updates in the time-frames adopted under this
The Commission's Consumer & Governmental Affairs Bureau, Reference Information Center, shall send a copy of this
Communications common carriers and Reporting and recordkeeping requirements.
(a) No person or entity may initiate any mobile service commercial message, as those terms are defined in paragraph (c)(7) of this section, unless:
(1) That person or entity has the express prior authorization of the addressee;
(2) That person or entity is forwarding that message to its own address;
(3) That person or entity is forwarding to an address provided that
(i) The original sender has not provided any payment, consideration or other inducement to that person or entity; and
(ii) That message does not advertise or promote a product, service, or Internet website of the person or entity forwarding the message; or
(4) The address to which that message is sent or directed does not include a reference to a domain name that has been posted on the FCC's wireless domain names list for a period of at least 30 days before that message was initiated, provided that the person or entity does not knowingly initiate a mobile service commercial message.
(b) Any person or entity initiating any mobile service commercial message must:
(1) Cease sending further messages within ten (10) days after receiving such a request by a subscriber;
(2) Include a functioning return electronic mail address or other Internet-based mechanism that is clearly and conspicuously displayed for the purpose of receiving requests to cease the initiating of mobile service commercial messages and/or commercial electronic mail messages, and that does not require the subscriber to view or hear further commercial content other than institutional identification;
(3) Provide to a recipient who electronically grants express prior authorization to send commercial electronic mail messages with a functioning option and clear and conspicuous instructions to reject further messages by the same electronic means that was used to obtain authorization;
(4) Ensure that the use of at least one option provided in paragraphs (b)(2) and (b)(3) of this section does not result in additional charges to the subscriber;
(5) Identify themselves in the message in a form that will allow a subscriber to reasonably determine that the sender is the authorized entity; and
(6) For no less than 30 days after the transmission of any mobile service commercial message, remain capable of receiving messages or communications made to the electronic mail address, other Internet-based mechanism or, if applicable, other electronic means provided by the sender as described in paragraph (b)(2) and (b)(3) of this section.
(c)
(1)
(2)
(3)
(4)
(5)
(6)
(7)
(8)
(i) To facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into with the sender;
(ii) To provide warranty information, product recall information, or safety or security information with respect to a commercial product or service used or purchased by the recipient;
(iii) To provide:
(A) Notification concerning a change in the terms or features of;
(B) Notification of a change in the recipient's standing or status with respect to; or
(C) At regular periodic intervals, account balance information or other type of account statement with respect to a subscription, membership, account, loan, or comparable ongoing commercial relationship involving the ongoing purchase or use by the recipient of products or services offered by the sender;
(D) To provide information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, participating, or enrolled; or
(E) To deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender.
(d)
(1) Written authorization must contain the subscriber's signature, including an electronic signature as defined by 15 U.S.C. 7001 (E–Sign Act).
(2) All authorizations must include the electronic mail address to which mobile service commercial messages can be sent or directed. If the authorization is made through a website, the website must allow the subscriber to input the specific electronic mail address to which commercial messages may be sent.
(3) Express Prior Authorization must be obtained by the party initiating the mobile service commercial message. In the absence of a specific request by the subscriber to the contrary, express prior authorization shall apply only to the particular person or entity seeking the authorization and not to any affiliated entities unless the subscriber expressly agrees to their being included in the express prior authorization.
(4) Express Prior Authorization may be revoked by a request from the subscriber, as noted in paragraph (b)(2) and (b)(3) of this section.
(5) All requests for express prior authorization must include the following disclosures:
(i) That the subscriber is agreeing to receive mobile service commercial messages sent to his/her wireless device from a particular sender. The disclosure must state clearly the identity of the business, individual, or other entity that will be sending the messages;
(ii) That the subscriber may be charged by his/her wireless service provider in connection with receipt of such messages; and
(iii) That the subscriber may revoke his/her authorization to receive MSCMs at any time.
(6) All notices containing the required disclosures must be clearly legible, use sufficiently large type or, if audio, be of sufficiently loud volume, and be placed so as to be readily apparent to a wireless subscriber. Any such disclosures must be presented separately from any other authorizations in the document or oral presentation. If any portion of the notice is translated into another language, then all portions of the notice must be translated into the same language.
(e) All CMRS providers must identify all electronic mail domain names used to offer subscribers messaging specifically for wireless devices in connection with commercial mobile service in the manner and time-frame described in a public notice to be issued by the Consumer & Governmental Affairs Bureau.
(f) Each CMRS provider is responsible for the continuing accuracy and completeness of information furnished for the FCC's wireless domain names list. CMRS providers must:
(1) File any future updates to listings with the Commission not less than 30 days before issuing subscribers any new or modified domain name;
(2) Remove any domain name that has not been issued to subscribers or is no longer in use within 6 months of placing it on the list or last date of use; and
(3) Certify that any domain name placed on the FCC's wireless domain names list is used for mobile service messaging.