In 2003, when Congress passed the CAN-SPAM Act to address unwanted electronic messages and to ensure that email senders do not mislead recipients, Dennis Dayman, CISO at Code42 (acquired by Mimecast), felt at the time that some of the language was unclear.
“Is a sender an email service provider? Or is the sender you or I? Is a sender a corporation that might be sending out certain messages that may not be related to marketing? And so we actually had to go back to the Federal Trade Commission, who is the authority in this, and say, ‘Hey, we need to get clarification,’” Dayman told IT Brew.
The FTC-enforced CAN-SPAM Act, ultimately defined ‘‘sender’’ as ‘‘a person who initiates [a commercial electronic mail] message and whose product, service, or internet website is advertised or promoted by the message.’’
In late June, in a 6–3 vote, the Supreme Court overturned a legal precedent that favored agency expertise and authority when courts face unclear congressional laws. The reversal of the so-called Chevron doctrine, established in 1984, means that “courts may not defer to an agency interpretation of the law simply because a statute is ambiguous,” according to the majority opinion written by Justice Roberts.
We asked legal experts and IT pros: What are the IT consequences of Chevron’s overruling?
Aaron Rose, security architect manager and vertical solutions for the office of the CTO at Check Point Software: One could say that we’re adding another layer of complexity here, because instead of just going to the agencies who are going to write the rules, and then enforcing them, we now have to have Congress write the laws so that the courts can interpret them—but Congress and the courts both are going to have to rely on those agencies for their domain expertise.
Adam Schwartz, partner at A&O Shearman: I think the biggest area of interest for me is this question of whether it actually chills agency behavior. And whether we see agencies that are charged with fulfilling the mandates of certain statutes and carrying out certain missions—important missions for the country—hesitating in some way or perhaps not being as bold in enacting the rules that they think are needed; that’s the point I’m watching. I think that’s the point that, if that really happens, we may want to figure out—especially in cybersecurity, which is a quickly changing environment and an important one—how to undo that.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
George Gerchow, faculty at IANS Research and head of trust at MongoDB: Like we just saw last week, the Supreme Court weighed in on the Solar Winds incident and pretty much dismissed almost all charges. And I think you’re going to see more and more of that. It just seems like the balance of power is going to the Supreme Court, which should settle disputes, but now it’s almost like they’re creating laws. And people who have somewhat of the expertise, like the SEC in this case, they’re not going to be able to weigh in as much; the Supreme Court could just turn something over.
Rose: We’ve been on this call now, for what—eight minutes, nine minutes? Cybersecurity has changed in the last eight or nine minutes. There’s something I’m out of date on; there’s some event that’s happened, there’s some new strain of malware or something that’s happening out there in the world. So it’s going to be a unique challenge, I think, for Congress and then for the courts, to create rulings, to create laws and be able to adapt quick enough, whereas the agencies have a lot more flexibility.
Schwartz: There’s a lot of writing about this already, that the loss of Chevron deference might make the agencies feel that they’re more prone to challenges, and could be ensnared in a lot more litigation, challenging each rule that they pass, which now applies a different test than it did for the last 40 years when evaluating whether the agency’s action was essentially legal. I just think it’s too early to say that that litigation will actually come and that it will also have the impact of chilling agency action in areas where we do want the agencies to take action.