US fed spam law requires an opt-out mechanism, but what if the opt-out mechanism is exclusive & only for non-Tor users?
My credit union has been spamming me for years. As the volume of their bulk junk mail increases, I’m looking for a way out. Their email is HTML-only. So my text mail client only renders the raw text “To unsubscribe and stop receiving emails click here”. And “here” is obviously just text because it’s a text terminal.
Is that legal?
Suppose it is. So I dissect the HTML and fish out the link from a heap of garbage. The link does not go to the credit union’s website (if it did, that would be a non-starter anyway because I canceled my web account when they started blocking Tor). The link goes to a 3rd party site which also blocks Tor. So apparently as a precondition to opting out of spam I must share my personal IP address with a 3rd party agent of spam. Perhaps I can play whack-a-mole with a series of VPNs but I’m not interested. I just want to know if the opt-out procedure can legally be exclusive in this way. Can a legal challenge be mounted that forces them to provide an opt-out mechanism that’s inclusive?
The legal text is this:
(ii) clear and conspicuous notice of the opportunity under paragraph (3) to decline to receive further commercial electronic mail messages from the sender;
I don’t know the legal meaning of “clear and conspicuous”, so I’m not sure if nesting it in HTML satisfies that requirement. But it’s strange that they must merely give notice of the opportunity to opt-out, apparently without actually giving the opportunity to opt-out (just notice thereof IIUC).
I asked them in writing. It will be interesting to see if they comply.
To be clear, the purpose of the post is to understand the law (the forum being !law_us) because I want to fix this problem for everyone not just myself. I believe these digital rights abuses are so rampant because so few people step up to the plate to fix the problem for everyone. Most people just pragmatically fix the problem for themselves and move on. I want to understand the law to get an idea of the legal actionablity so that I can work out whether I have a pathway to force the CU to make their workflow with all customers legally compliant -- which would be a process I can recycle with other similar data abusers (other banks).
I blame Taylor Swift, telling people to “shake, shake, shake it off…” instead of fighting back.
When I visit the opt-out website and it simply prints on the screen “403 Forbidden”. No reason given¹. No recourse given. That is not giving opportunity. When they conceal the URL from some demographics of people, that is also withholding an opportunity to opt-out.
Let’s suppose the opt-out procedure were completely disclosed and fully transparent. Suppose they sent a properly formed email that reveals the opt-out procedure to everyone (inluding those with text-based MUAs). If they were to outright state something like “you must use our preferred network (clearnet, not Tor, not VPN, not CGNAT), you must share your personal IP address with a 3rd party with no expectation of privacy, and you must solve a series of CAPTCHA tests after traversing our cookie wall.” That would still be giving exclusive opportunity. IOW, not everyone has opportunity, just those who are both willing and able to dance for them. When strings are attached to the opt-out, that “opportunity” is conditional. I believe the law would have to specifically state that conditional opportunity is permissable. Otherwise the only valid interpretation of law (IIUC) is that the opportunity be unconditional. Hence my question.
If you believe arbitrarily conditional opportunity is lawful, what’s your limit? What if the procedure requires driving to a remote location, crossing a river with crockodiles, and running through an area with snakes and scorpions in order to reach a form (written in a blend of Mandarin and Apache) that you must fill out requesting an opt-out? Would you still regard that as giving opportunity?
¹ When I say that they are blocking people who are on the Tor network, that is merely my guess. A “403 Forbidden” can manifest for many reasons and in this case the site does not state why a 403 was pushed. But regardless of their undisclosed reason, when they lock someone out of their gate, it is of course denying opportunity to opt out.