As a follow up, to my letter, I received the following:

> Thank you for reaching out about our research on the European Union General 
> Data Protection Regulation (GDPR) and the California Consumer Privacy Act 
> (CCPA). A component of the study involves requesting information from 
> websites about how they have implemented the consumer data access provisions 
> of the GDPR and the CCPA. Both the GDPR and CCPA provide for these types of 
> information requests. We would be glad to answer any questions you have about 
> the study goals, methods, and safeguards, and we welcome any additional 
> feedback you would like to provide.
> Sincerely,
> Jonathan

That was really the wrong response.  I responded explaining *exactly* how they 
are in violation of U.S. Federal law (CAN-SPAM), and I cc:ed the chair of the 
compsci department, and Princeton's general legal counsel.  If you are going to 
send something, please let it be soon so as to make clear that I'm not a single 
cartoony voice crying in the wilderness.

FWIW, here is the section of CAN-SPAM of which they are in violation:

‘‘§1037. Fraud and related activity in connection with electronic mail

‘‘(a) IN GENERAL.—Whoever, in or affecting interstate or foreign commerce, 
knowingly —

‘‘(2) uses a protected computer to relay or retransmit multiple commercial 
electronic mail messages, with the intent to deceive or mislead recipients, or 
any Internet access service, as to the origin of such messages,
‘‘(3) materially falsifies header information in multiple commercial electronic 
mail messages and intentionally initiates the transmission of such messages,
‘‘(4) registers, using information that materially falsifies the identity of 
the actual registrant, for five or more electronic
mail accounts or online user accounts or two or more domain names, and 
intentionally initiates the transmission of multiple commercial electronic mail 
messages from any combination of such accounts or domain names, or

...shall be punished as provided in subsection (b).

‘‘(2) a fine under this title, imprisonment for not more than 3 years, or both, 

‘‘(A) the offense is an offense under subsection (a)(1); ‘‘(B) the offense is 
an offense under subsection (a)(4)
and involved 20 or more falsified electronic mail or online user account 
registrations, or 10 or more falsified domain name registrations;
‘‘(C) the volume of electronic mail messages transmitted in furtherance of the 
offense exceeded 2,500 during any 24-hour period, 25,000 during any 30-day 
period, or 250,000 during any 1-year period;
‘‘(D) the offense caused loss to one or more persons aggregating $5,000 or more 
in value during any 1-year period;
‘‘(E) as a result of the offense any individual committing the offense obtained 
anything of value aggregating $5,000 or more during any 1-year period; or
‘‘(F) the offense was undertaken by the defendant in concert with three or more 
other persons with respect to whom the defendant occupied a position of 
organizer or leader;



Anne P. Mitchell,  Attorney at Law
Author: Section 6 of the Federal CAN-SPAM Law
Board of Directors, Denver Internet Exchange
Professor Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
mailop mailing list

Reply via email to