Several states have enacted Internet privacy laws. Since most crime is prosecuted in state courts rather than at the federal level, states have commonly tried to keep pace with the federal government’s protections. As a result, many have modeled e-mail privacy laws upon the federal Electronic Communications Privacy Act, such as New Jersey’s and Pennsylvania’s respective Wiretapping and Electronic Surveillance Control Acts. A number of other states protect children’s privacy online, much in the way that the federal Children’s Online Privacy Protection Act does. In another respect, state courts recognize common law claims involving the tort of invasion of privacy, so not all privacy rights depend upon statutory protections.
Demonstrating a strong approach to new technology issues, state legislatures have gone further than Congress in protecting e-mail privacy. Several states, such as Arkansas and Maryland, prohibit harassment through e-mail. A few address workplace concerns, with recent legislation emerging that protects employee rights. Under a Delaware law that took effect in August 2001, employers who monitor employee e-mail or Internet transmissions must inform workers about the monitoring before it begins.
Following the lead of pioneering legislation like Washington State’s 1998 law, at least eighteen states have passed laws restricting how e-mail may be used by companies that send unsolicited commercial messages to consumers. Popularly known as “spam,” this digital equivalent of junk mail has raised wide-spread concerns among private individuals who prefer not to receive it and companies that prefer not to pay the costs associated with processing it.
Anti-spam laws protect Internet service providers as well as consumers. Two of the toughest laws were passed in the late 1990s in Washington State and California. Washington State’s law forbids sending commercial e-mail messages using a third party’s domain name without permission, containing false or missing routing information, or with a false or misleading subject line. California’s law allows Internet Service Providers to sue companies that mail spam in violation of the service’s anti-spam policy, while also requiring spam to contain so-called opt-out instructions and clear labeling in the subject line describing the spam as an advertisement.
But state anti-spam laws have faced difficulties with enforcement as well as challenges to their constitutionality. Courts have reached different verdicts. In Ferguson v. Friendfinder, a San Francisco Superior Court judge ruled in June 2000 that key portions of California’s anti-spam law were violations of the federal constitution’s Commerce Clause. But in June 2001, the Washington Supreme Court upheld the constitutionality of its state anti-spam law: State of Washington v. Jason Heckel marked the first appeals court ruling on such cases. In October 2001, the U.S. Supreme Court declined to hear an appeal to the case, allowing the verdict to stand.