By DAVID KESMODEL
THE WALL STREET JOURNAL ONLINE
January 12, 2006

Lawmakers in Utah and Michigan have moved aggressively to shield children from spam promoting pornography, alcohol and other adults-only products. The states have created registries of kids' email addresses and bar businesses, located in state or not, from sending inappropriate sales pitches to minors.

But the laws, enacted last year, face mounting opposition from a wide range of groups, including a legal challenge from a trade group representing the adult-entertainment industry.

The states let parents and schools register any email address accessible to a child, at no cost. Each month, companies must pay to have a designated third party examine their marketing lists for addresses that appear on the registries. The cost for a business can total thousands of dollars, and violators face stiff fines.

An array of organizations has lined up against the registries, which other states have begun exploring. The critics question the effectiveness of such lists, since some of the most offensive email often comes from overseas companies or shadowy U.S. groups that already ignore laws. Critics also argue that the expenses incurred by legitimate marketers are too high, and some worry about online predators gaining access to the lists of kids' addresses. Last month, the Federal Trade Commission said such registries pose serious "security and privacy risks."

The Free Speech Coalition, a trade group for the adult-entertainment industry, filed a lawsuit in federal court in Utah in November seeking to bar the state from enforcing its law, saying it is invalid under a federal anti-spam law and violates free-speech provisions of the U.S. Constitution. Several groups said they plan to join in filing a legal brief in the suit opposing the Utah law, including the Email Sender and Provider Coalition, a marketing trade group; Beverage Solutions Inc., a beer-and-wine seller; and the Electronic Frontier Foundation, a digital-rights advocacy group.

"This thing just does not work," said Trevor Hughes, executive director of the Email Sender and Provider Coalition, whose members include marketing firms like DoubleClick Inc. and Harte-Hanks Inc.

Countered Mike Bishop, the state senator who spearheaded Michigan's legislation: "This, to me, is just the right thing to do. I think the fact that these companies are coming out and suing for the first time is a good indication that it works."

Mr. Bishop, a Republican, said he has been contacted by officials in several states, including Florida, Texas, California and South Carolina, who have expressed interest in creating similar registries. Jack Franks, a Democratic state representative in Illinois, said he plans to introduce a bill this week that is modeled on the Utah and Michigan measures.

Big Fines, Few Emails

The Utah registry1 took effect in July, and Michigan's2 in November. The laws bar email messages that advertise alcohol, tobacco, porn, gambling, firearms and illegal drugs. The registries were modeled after do-not-call lists designed to block telemarketers. In both states, a small company, Unspam Technologies Inc., won the contract to manage the registries.

The laws allow parents to bring civil suits against violators, and provide for damages of $1,000 per message in Utah and $5,000 per message in Michigan. Violators could also face criminal charges in each state, in addition to state fines.

Few email addresses have been placed on the state registries so far. Earlier this week, Utah's registry had 1,992 addresses, and 62 schools had registered their domain names to block emails to student accounts. About 160 companies had submitted their email lists for screening. In Michigan, 3,658 email addresses have been registered, along with 41 school domains. About 170 marketers had applied for screening. The states keep the addresses on their registries for two or three years, at which time they must be renewed.

The Utah Division of Consumer Protection has cited one Web site for allegedly violating the law. It says a Web site called HoneyI------TheBabysitter.com sent a sexually explicit email last month to an address on the registry, and the state is seeking a fine of up to $2,500. The site's owner couldn't immediately be reached for comment.

Michigan's attorney general's office is reviewing 54 complaints brought by consumers to determine if charges will be brought, a spokeswoman said.

Utah's attorney general, Mark Shurtleff, said the state pursued the legislation because "the feds aren't doing squat" on the spam problem. He added that Utah's law was written carefully so it would be valid under the federal Can-Spam Act of 2003, which allows marketers to send unsolicited messages as long as they follow certain guidelines, and limits state regulation. Mr. Shurtleff added that the state made compliance by companies "very, very cheap." In December, he filed a motion to dismiss the Free Speech Coalition's suit against Utah, and said the suit proved the porn industry's "real intent to force smut on our children."

FTC Fears, Utah Acts

Lawmakers in Utah and Michigan proceeded with the measures even though the Federal Trade Commission in 2004 expressed skepticism about such registries in a report to Congress. Besides casting doubt on the effectiveness of such laws, it said any list that earmarked addresses as belonging to or used by children would raise "very grave" privacy concerns. "The possibility that such a list could fall into the hands of the Internet's most dangerous users, including pedophiles, is truly chilling," it said. The agency reiterated its concerns last month in a report on Can-Spam's effectiveness.

Matthew Prince, chief executive of Park City, Utah-based Unspam, said the company uses security technology to protect the state registries. Companies submit their email addresses to a Web site, and the site returns an encrypted list of email addresses that appeared on the registry. Companies use special tools to decode the lists.

Dan Salsburg, assistant director of the FTC's division of marketing practices, said the agency is worried that a rogue employee at a marketing company could sell addresses obtained from such a registry. Unspam, for its part, said it takes steps to monitor whether the lists are being used inappropriately – for instance, it can place special addresses on the registries, and then monitor those mailboxes for signs of spam.

The Web site for the Utah registry warns: "While every attempt will be made to secure the Child Protection Registry, registrants and their guardians should be aware that their contact points may be at a greater risk of being misappropriated by marketers who choose to disobey the law."

Complex Compliance

Officials representing several trade groups said the laws create unfair financial burdens and logistical challenges for legitimate marketers, and fear the burdens could rise if more states adopt them.

Sometimes, marketers don't know the physical locations of email recipients, so they must pay to submit their entire marketing lists to Michigan and Utah.

Businesses are charged $7 for every 1,000 email addresses examined each month in Michigan, and $5 per 1,000 in Utah. Companies must have their lists examined once a month. A company with a list of 100,000 emails would pay $14,400 annually to have its list examined by both states. Unspam receives the majority of the revenue to administer the registry, and the rest goes to the state.

Compliance is "very expensive and very cumbersome" for some companies, said Jerry Cerasale, senior vice president for government affairs for the Direct Marketing Association, a trade group representing more than 5,000 companies.

Beverage Solutions, a Lake Forest, Ill., company that runs the Beer Across America and Cigar Affair mail-order clubs, must scrub lists totaling "a couple hundred thousand" addresses with each state, said Louis Amoroso, a partner in the company. He said it has been "very uncommon" to have a match appear on the lists.

"We don't even do business in the state of Utah," he said. But due to the way the law is written, the company worries it may face liability if, for example, a minor living in Utah signed up for its email newsletter. The Utah and Michigan laws do not exempt companies from liability even if a minor signed up to receive their emails.

The laws have forced many types of businesses -- such as sporting goods companies that sell firearms or hotels that have relationships with casinos -- to make sure they're complying with the laws, marketing industry executives said.

Some groups said they are worried about First Amendment implications of the laws. Lee Tien, a staff attorney for the Electronic Frontier Foundation, said the group is concerned about "content-based discrimination" and issues surrounding taxation of email. "We think it's a very bad way to try to regulate Internet speech," he said.