US fed spam law requires an opt-out mechanism, but what if the opt-out mechanism is exclusive & only for non-Tor users?
My credit union has been spamming me for years. As the volume of their bulk junk mail increases, I’m looking for a way out. Their email is HTML-only. So my text mail client only renders the raw text “To unsubscribe and stop receiving emails click here”. And “here” is obviously just text because it’s a text terminal.
Is that legal?
Suppose it is. So I dissect the HTML and fish out the link from a heap of garbage. The link does not go to the credit union’s website (if it did, that would be a non-starter anyway because I canceled my web account when they started blocking Tor). The link goes to a 3rd party site which also blocks Tor. So apparently as a precondition to opting out of spam I must share my personal IP address with a 3rd party agent of spam. Perhaps I can play whack-a-mole with a series of VPNs but I’m not interested. I just want to know if the opt-out procedure can legally be exclusive in this way. Can a legal challenge be mounted that forces them to provide an opt-out mechanism that’s inclusive?
The legal text is this:
(ii) clear and conspicuous notice of the opportunity under paragraph (3) to decline to receive further commercial electronic mail messages from the sender;
I don’t know the legal meaning of “clear and conspicuous”, so I’m not sure if nesting it in HTML satisfies that requirement. But it’s strange that they must merely give notice of the opportunity to opt-out, apparently without actually giving the opportunity to opt-out (just notice thereof IIUC).
I asked them in writing. It will be interesting to see if they comply.
To be clear, the purpose of the post is to understand the law (the forum being !law_us) because I want to fix this problem for everyone not just myself. I believe these digital rights abuses are so rampant because so few people step up to the plate to fix the problem for everyone. Most people just pragmatically fix the problem for themselves and move on. I want to understand the law to get an idea of the legal actionablity so that I can work out whether I have a pathway to force the CU to make their workflow with all customers legally compliant -- which would be a process I can recycle with other similar data abusers (other banks).
I blame Taylor Swift, telling people to “shake, shake, shake it off…” instead of fighting back.