December 13, 2024

Michigan Debuts Counterproductive Do-Not-Spam List for Kids

The state of Michigan has a new registry of kids’ email addresses in the state. Parents can put their kids’ addresses on the list. It’s illegal to send to addresses on the list any email solicitations for products that kids aren’t allowed to buy (alcohol, guns, gambling, vehicles, etc.). The site has been accepting registrations since July 1, and emailers must comply starting August 1.

This is a kids’ version of the Do-Not-Email list that the Federal Trade Commission considered last year. The FTC decided, wisely, not to proceed with its list. (Disclosure: I worked with the FTC as a consultant on this issue.) What bothered the FTC (and should have bothered Michigan) about this issue is the possibility that unscrupulous emailers will use the list as a source of addresses to target with spam. In the worst case, signing up for the list could make your spam problem worse, not better.

The Michigan system doesn’t just give the list to emailers – that would be a disaster – but instead provides a service that allows emailers to upload their mailing lists to a state-run server that sends the list back after removing any registered addresses. (Emailers who are sufficiently trusted by the state can apparently get a list of hashed addresses, allowing them to scrub their own lists.)

The problem is that an emailer can compare his initial list against the scrubbed version. Any address that is on the former but not the latter must be the address of a registered kid. By this trick the emailer can build a list of kids’ email addresses. The state may outlaw this, but it seems hard to stop it from happening, especially because the state appears to require emailers everywhere in the world to scrub their lists.

If I lived in Michigan, I wouldn’t register my kid’s address.

UPDATE (July 13): A commenter points out that the Michigan program imposes a charge of $0.007 per address on emailers. I missed this fact originally, and it changes the analysis significantly. See my later post for details.

Comments

  1. You left out one important fact. Michigan charges $0.007 per address checked. Since a legitimate sender doesn’t usually know the location of an email address, this puts a significant cost on sending spam. On the other hand, this only applies to products that are illegal for minors to purchase: alcohol, tobacco, illegal drugs, gambling, pornography. Most of my spam does not fall into those categories.So there I’m right and your wrong!!!

  2. I am gay

  3. Michigan and Utah make it a computer crime to send statutorily prohibited content by commercial email to the registered email address of a minor (registered contact point).

    Both laws also allow for registration of domains.

    To comply, marketers must pay a monthly fee to scrub their e-mail lists against the registered contact points. The fee is based on the list size and not the number of contact points removed.

    A review of the legislative record clearly indicates both States wanted to pass laws to stop “spam” being sent to minors.

    The State legislatures also create a private right of action with significant statutory punitive damages.

    Two questions:

    * Are these laws superseded by the CAN SPAM Act of 2003?

    The laws expressly regulate commercial email. Paragraph 8 (b) (1) tell us that state laws which expressly regulate commercial email are superseded by the Act, except to the extent that these laws deal with falsity or deception in the commercial email or the headers.

    However, the States’ attorneys claim these laws fit within paragraph 8 (b) (2) which says the States are not precluded from passing laws not specific to email to the extent those laws relate to fraud and computer crime.

    * Do these laws represent an unreasonable burden on commercial speech?

    Both laws require that email list administrators who send commercial email containing statutorily prohibited content to their list members pay a monthly fee to the State.

    The laws state that the minor’s consent is not a defense. Utah’s law does not speak to the parent consenting. However, under the Michigan law, despite the Children Online Privacy Protection Act, the parent’s content to the minor receiving statutorily prohibited content is not a defense.

    Is this an unreasonable burden?

    Does it matter if the list administrator runs what is known in anti-spam circles as a confirmed opt-in mailing list; only adding an email address to their list when the member confirms that request and contractually requires under the list’s subscription terms that:

    * List members be at least 18 year’s old;

    * A minor may not have access to a list member’s subscribed email address; and

    * No one may remain a list member using an email address or a domain in an email address that is registered as a contact point for a minor under any law, regulation or rule?

    John Glube
    Toronto, Canada

  4. Michigan gives kids’ email addresses to spammers

    The state of Michigan has set up a database of children’s email addresses which it has invited parents to register with. The database will ostensibly be used to force bulk emailers to remove the addresses from their email lists before sending em…

  5. I sent the following comment to the folks at https://www.protectmichild.com/contact_us.html

    Others may wish to also let them know the opinion of the Internet as regards their policy.
    ——–
    This proposal is counterproductive and not well thought out. It allows spammers to filter their lists to contain only children’s emails (see http://www.freedom-to-tinker.com/?p=864 ) and it is over-broad, seeming to apply to personal communication as well.

    For example, a message linking to a site with pictures of fireworks (which also happened to include advertisements for purchasing fireworks) as for a 4th of July celebration, for example, would be illegal to send to an address listed on this list. If a friend of a child whose email was listed on this database sent such a message to them, that would be illegal.

    This wide applicability would therefore require anyone who sent any messages that may link to firework merchants to use the database. Do you have any idea * how many * messages go through the internet every day? If a small fraction of those messages had to go through MI’s Children Protection Registry it would cost the state millions of dollars in bandwidth fees alone.

    It is a unwise and counterproductive law, and should be quietly repealed.
    Thank you for your time and attention.
    —–

  6. if it costs, a possible business may recreate the list, and check for less! still, spamming children is expensive for domesitc businesses – if you hit an address on the list, it costs, checking costs too…

  7. That’s because of the brain damage caused by trying too hard to decipher the DMP World documents, resulting in a ruptured blood vessel in the cerebrum.

  8. A Reader says

    You left out one important fact. Michigan charges $0.007 per address checked. Since a legitimate sender doesn’t usually know the location of an email address, this puts a significant cost on sending spam. On the other hand, this only applies to products that are illegal for minors to purchase: alcohol, tobacco, illegal drugs, gambling, pornography. Most of my spam does not fall into those categories.

  9. Hey I’ve got a brilliant idea!

    Why not create a ‘Please Do Spam Me’ opt-in e-mail register?

    Michigan could probably afford the costs of offering a free bulk-mailing service to all addresses on the register.

    “Got spam? Send it to us and we’ll forward it on to those that want it. Feel free to send spam directly, but if you send it to people who aren’t on the list we’ll prosecute you.”

    Then Michigan can automatically require proof-of-age for anyone wishing to opt-in, and reject all children.

    That’d work.