If you bought a dildo in Denver, the government must legally be told

Or smut in South Dakota, Anarchist Cookbook in Alabama or Windows 10 in Wyoming

Online retailers in America will soon be required by law to disclose to state governments what purchases their customers – meaning, you – have made.

That extraordinary situation is the result of a long-running legal case that the US Supreme Court this week refused to hear. This means a decision by the Tenth Circuit [PDF] requiring out-of-state retailers to report to the Colorado state government the details of all purchases – including what that purchase was and who bought it – stands.

So if you bought a dildo in Denver, some bureaucrat is going to be informed about it.

Colorado is not the only state pushing the requirement. Vermont will also make the same requirement three months after Colorado starts imposing the law. And other states including Alabama, South Dakota, Tennessee and Wyoming have approved similar rules.

Unsurprisingly, businesses and privacy advocates are up in arms.

The executive director of NetChoice – a trade association of e-commerce businesses that includes eBay, PayPal, Google and Facebook as members – Steve DelBianco, said the decision "set the stage for a rude privacy shock to American consumers."

"State governments will receive data about residents' purchases, including personal health products and politically-themed books and movies," DelBianco noted.

The exec director of the American Catalog Mailers Association (ACMA), Hamilton Davison, is also extremely concerned. "Consumers, particularly those who buy from catalogs and e-commerce merchants, put considerable trust in the businesses from which they make the most personal of purchases," he noted. "This decision undermines this trust by requiring remote sellers to report to state tax collectors on the buying habits of their customers, including health care products, apparel or other sensitive items."


The idea behind the law is for state governments to be able to claim sales tax on purchases from companies that do not have a physical presence in the state.

With the explosion in e-commerce companies, particularly giants like Amazon, states that do not have such companies' corporate offices are losing out on what could be millions of dollars in sales tax.

Legally, the question has revolved around a "physical presence" requirement that was reached in a 1992 Supreme Court judgment (Quill Corp v North Dakota). Under that decision, it was mandated that sales tax obligations could only be applied to companies that were physically based in the state. But that was before the internet took off and the states are arguing that the law should no longer hold.

Three years ago, the Direct Marketing Association (DMA) challenged a Colorado law that obligated any company with sales over $100,000 – but which did not collect Colorado sales tax on sales to customers in the state – to provide the state government with annual reports specifying details of sales to specific customers.

The DMA said the law broke the Commerce Clause, and an Appeals Court agreed. So the state appealed to the Tenth Circuit, which refused to hear the case and punted it to the Supreme Court. The Supreme Court passed it back down to the Tenth Circuit which then made a ruling [PDF] in the state's favor, ie, out-of-state companies would have to report their sales to specific customers.

So the DMA appealed that decision to the Supreme Court and the Supreme Court this week refused to hear its appeal, or one from the State of Colorado that would have overturned the Quill physical presence requirement.


All that means that the Tenth Circuit decision stands, and companies like eBay and Amazon will have to start filing detailed reports on sales to the Colorado state government – as well as the other states that have passed similar rules (see above).

At the moment all of this has only really been noticed by the legal profession and e-commerce policy wonks, but as NetChoice executive director DelBianco noted, now that it is law, it's almost certainly going to come as a "rude privacy shock" to people living across the country.

While it is understandable that states want to make sure they aren't missing out on millions in sales tax thanks to online purchases, the end result is somewhat shocking and with online retailers resistant to the idea for obvious reasons, it's not entirely clear what's going to happen.

Given the Trump administration's willingness to go beyond what has been normally regarded as any red line, it is not inconceivable that anyone who purchases, say, a copy of the Koran could be placed on a watchlist.

For that reason, the law is almost certain to be challenged again and in short measure. Which means that although the Supreme Court has refused to hear this particular case, it can expect another on the issue to land at its door in 2017. ®

Other stories you might like

  • Cheers ransomware hits VMware ESXi systems
    Now we can say extortionware has jumped the shark

    Another ransomware strain is targeting VMware ESXi servers, which have been the focus of extortionists and other miscreants in recent months.

    ESXi, a bare-metal hypervisor used by a broad range of organizations throughout the world, has become the target of such ransomware families as LockBit, Hive, and RansomEXX. The ubiquitous use of the technology, and the size of some companies that use it has made it an efficient way for crooks to infect large numbers of virtualized systems and connected devices and equipment, according to researchers with Trend Micro.

    "ESXi is widely used in enterprise settings for server virtualization," Trend Micro noted in a write-up this week. "It is therefore a popular target for ransomware attacks … Compromising ESXi servers has been a scheme used by some notorious cybercriminal groups because it is a means to swiftly spread the ransomware to many devices."

    Continue reading
  • Twitter founder Dorsey beats hasty retweet from the board
    As shareholders sue the social network amid Elon Musk's takeover scramble

    Twitter has officially entered the post-Dorsey age: its founder and two-time CEO's board term expired Wednesday, marking the first time the social media company hasn't had him around in some capacity.

    Jack Dorsey announced his resignation as Twitter chief exec in November 2021, and passed the baton to Parag Agrawal while remaining on the board. Now that board term has ended, and Dorsey has stepped down as expected. Agrawal has taken Dorsey's board seat; Salesforce co-CEO Bret Taylor has assumed the role of Twitter's board chair. 

    In his resignation announcement, Dorsey – who co-founded and is CEO of Block (formerly Square) – said having founders leading the companies they created can be severely limiting for an organization and can serve as a single point of failure. "I believe it's critical a company can stand on its own, free of its founder's influence or direction," Dorsey said. He didn't respond to a request for further comment today. 

    Continue reading
  • Snowflake stock drops as some top customers cut usage
    You might say its valuation is melting away

    IPO darling Snowflake's share price took a beating in an already bearish market for tech stocks after filing weaker than expected financial guidance amid a slowdown in orders from some of its largest customers.

    For its first quarter of fiscal 2023, ended April 30, Snowflake's revenue grew 85 percent year-on-year to $422.4 million. The company made an operating loss of $188.8 million, albeit down from $205.6 million a year ago.

    Although surpassing revenue expectations, the cloud-based data warehousing business saw its valuation tumble 16 percent in extended trading on Wednesday. Its stock price dived from $133 apiece to $117 in after-hours trading, and today is cruising back at $127. That stumble arrived amid a general tech stock sell-off some observers said was overdue.

    Continue reading

Biting the hand that feeds IT © 1998–2022