IN THE UNITED STATES DISTRICT COURT
WESTERN DISTRICT OF WASHINGTON
AT SEATTLE
UNITED STATES OF AMERICA,
Plaintiff,
v.
ROBERT ALAN SOLOWAY,
Defendant.
REPLY MEMORANDUM IN SUPPORT OF MOTION TO DISMISS COUNTS 19-25 OF THE SECOND SUPERSEDING INDICTMENT
The government largely responds to defendant's motion to dismiss Counts 19 through 25 by giving a general dissertation on spamming ("Spamming 101"). However, what the government has scrupulously avoided mentioning is that spamming is not unlawful. The CAN-SPAM Act of 2003 ("Controlling the Assault of Non-Solicited Pornography and Marketing Act"), which became effective January 1, 2004, established requirements regulating--but not banning--unsolicited bulk commercial electronic email (commonly known as spam). In its continuing effort to demonize Mr. Soloway, the government describes numerous malevolent spamming practices ("pernicious fraud and 'phishing' schemes, pornography, and a host of 'malware' that includes viruses, worms, trojans, and spyware" and "natural disaster and catastrophe fraud"), even though it knows that it lacks any evidence that Mr. Soloway was engaged in such activities.
-2-
Whether Mr. Soloway violated the CAN-SPAM Act is not the subject of this motion. What is the subject of this motion is whether or not Mr. Soloway committed aggravated identity theft. For the reasons set forth in the underlying motion, as well for the reasons hereinbelow set forth, it is clear that Mr. Soloway did not engage in aggravated identity theft to which that statute was intended to apply.
II.
ARGUMENT.
A. FORGING A HEADER IN AN EMAIL DOES NOT CONSTITUTE AGGRAVATED IDENTITY THEFT.
Mr. Soloway does not dispute that he sent bulk unsolicited emails that contained forged headers. That conduct, if it involved commercial email, is arguably prohibited by 18 U.S.C. §1037.' Mr. Soloway used a macro option in a lawful email sending software program that automatically replaced his email address in the header with the email address of the intended recipient of the email. A copy of the macro option is attached hereto as Exhibit A. Each email in which a recipient's email address was placed in both the "To" and the "From" portion of the header was unique, and only one email with this unique combination was transmitted to the recipient by Mr. Soloway. Despite repeated, but unsupported, claims by the government, Mr. Soloway did not send emails to third parties using anyone else's email address in the header. The macro option used by Mr. Soloway (See Exhibit A) was not capable of inserting an email address other than that of the recipient's email address in the "From" header.
[1 The CAN-SPAM Act, and 18 U.S.C. §1037 apply only to commercial electronic email.]
Nevertheless, we concede that this motion may not be ripe for determination due to the government's as yet unsupported claim to have evidence that Mr. Soloway did more
-3-
than simply substitute the recipient's email address for his email address in a header. The government has been long on rhetoric and short on evidence in advancing this claim. With the exception of Count 19, the government has not produced to the defense in discovery a single email which it claims was sent by Mr. Soloway to a third party using someone else's email address (someone other than the recipient) in the "From" portion of the header. If Mr. Soloway was sending out millions of such emails as the government alleges, surely there would be some evidence to support its claims of forged headers in emails to third parties. Yet, with the exception of count 19, the government has failed to produce even a single copy of such an email. The reason for the failure of production is clear: no such emails were transmitted by Mr. Soloway.
Count 19 refers to an individual identified by the initials R.M. The government has produced copies of three emails that appear to have been sent to R.M.'s wife which identify some form of R.M.'s domain name in the header as being the sender of the emails to his wife.' However, if Mr. Soloway was using R.M.'s domain name to send spam email to third parties, R.M. should have received hundreds or even thousands of "bounce backs" of emails that could not be delivered due to invalid email addresses. The government has produced no evidence of such bounce backs.
[2 Defendant believes that this occurred not as a result of anything intended by him, but rather as a result of some forwarding program between R.M's email and his wife's email. Both email domains were set up at the same time through the same ISP. The chances of this having occurred coincidentally are astronomical.]
The government does claim that T.C., who is identified in Count 20, received "bounce backs to his addresses and domain names, indicating to him that spam with his addresses forged in the 'from' header fields had been transmitted to others." However,
-4-
the government has not provided the defense with so much as a single copy of a bounce back message. T.C., like all of the people identified in the indictment, and like most people who have email addresses, received spam from more than one source. Lists of email addresses are routinely bought, sold, and traded over the internet, so if a person received spam from one source, it is likely that they also received spam from other sources as well. Thus, it is not enough for the government to proceed as though all spam on the internet came from Mr. Soloway. They must produce independent evidence to support each count of the indictment.
Although we acknowledge that the Court may not be able to resolve this motion at this time because of the government's claimed evidence of Mr. Soloway sending emails to third parties with forged headers, we believe that the Court can make an advisory ruling as to whether the narrow act of substituting a recipient's email address for Mr. Soloway's address in the header of an email constitutes aggravated identity theft pursuant to 18 U.S.C. §1028A. Such a ruling could help the parties determine whether a disposition short of trial in this case is possible.
B.
18 U.S.C. §1037(a)(3) PROSCRIBES DEFENDANT'S CONDUCT.
Under the government's theory, almost any violation of 18 U.S.C. §1037(a)(3) also constitutes aggravated identity theft. That is clearly not what Congress intended by the aggravated identity theft statute. The alleged "use" of someone's identity by inserting a person's email address in the "from" header of an email that is sent to the very same person is far too tenuous to come within the grasp of 18 U.S.C. §1028A. That statute was clearly intended to punish a person who uses another person's identity directly in connection with some fraudulent scheme (e.g., to open bank accounts, obtain loans or
-5-
credit, obtain employment, etc.). The only thing that occurred in this case as a result of the forged header was that an email may have avoided a spam filter. Surely, that is not what Congress had in mind when enacting 18 U.S.C. §1028A. Indeed, the legislative history makes it absolutely clear that this was not the kind of conduct intended to be subject to the severe enhanced penalties for "aggravated" "identity" "theft."
The government's response to the argument that Mr. Soloway's conduct is already covered by 18 U.S.C. §1037(a)(3) is typical. The government claims that it can charge Mr. Soloway's conduct under both statutes, not because it is the right thing to do, but rather because it has the unchecked power to do so. We disagree. If the statute is not broad enough to encompass the conduct alleged, then no amount of power will support such a charging decision.
Accordingly, we respectfully request the Court to find that merely substituting the recipient's email address for the sender's email address in the header of an email does not constitute aggravated identity theft in violation of 18 U.S.C. §1028A.
DATED this 19th day of February, 2008.
RICHARD J. TROBERMAN, P.S.
Richard J. Troberman
Attorney or Defendant
Robert Alan Soloway