A federal statute, 18 U.S.C. § 1037, prohibits a variety of misleading electronic mail-related actions in commercial settings. These include instances in which a person who, with knowledge of doing so, "materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages" (prohibited by § 1037(a)(3)) or "registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names" (prohibited by § 1037 (a)(4)). Violators of these prohibitions may be punished by fines or imprisonment, or both.
A federal indictment charged that Michael Twombly and Joshua Eveloff violated §§ 1037(a)(3) and (a)(4). The government claimed that Twombly leased dedicated servers using an alias, including one server from Biznesshosting, Inc., and that shortly after it provided logon credentials to Twombly, Biznesshosting began receiving complaints regarding spam electronic mail messages originating from its network. These spam messages allegedly numbered approximately 1 million, followed several days later by another 1.5 million. The spam messages contained computer software advertising and directed recipients to the web site of a company with a Canadian address. The government maintained that this site was falsely registered under the name of a nonexistent business, and that the messages' routing information and "From" lines had been falsified. As a result, the government contended, recipients, Internet service providers, and law enforcement agencies were prevented from identifying, locating, or responding to the senders. When Biznesshosting investigated the complaints, it traced the spam to the server leased by Twombly. A search conducted by the FBI allegedly uncovered roughly 20 dedicated servers leased by Twombly using false credentials. According to the government, Twombly leased the servers for an unnamed person-later determined to be Eveloff-and received payment from that person for each set of logon credentials provided. Under the government's theory of the case, both Twombly and Eveloff caused the spam messages to be sent. Twombly and Eveloff moved for dismissal of the indictment on the ground that §§ 1037(a)(3) and (a) (4) were unconstitutionally vague. Did their argument have merit?