{kun´ēzē}
popular
3.8974358974359 1 1 1 1 1 Rating 78%
05Sep2015

Kunena 4.0: Category autosubscription — is it legal?

Information
3393 hits Updated: 27 November 2018

Is auto­matic cate­gory sub­scrip­tion spam by another name?

Who can be pena­lised under anti-spam law?

The Kunena defence

Autosubscription vs. personal privacy

The Kunena development team has been working on a new feature (expected in a future release of K 4.0[1]) to automatically subscribe forum users so that they will receive emails whenever there is any forum activity on websites where Kunena is installed.  This article examines the legal implications of this feature as a core part of the Kunena framework.

In a previous article I wrote about autosubscription in terms of technical feasibility, design, viability and risk management.  Although it’s technically feasible to automatically subscribe all users to receive emails whenever a new topic or reply is posted on a web-based discussion forum like Kunena, there are a number of caveats if you intend to implement such a feature.  When I wrote my earlier article the Kunena team had no plans or intention to implement an autosubscription feature within Kunena.  The situation has changed and, aware of the risks that this may involve, the developers intend to add a new feature to the Kunena component that will give website owners the ability to automatically subscribe users of their websites to receive unsolicited content via email.

Update

At the time when this article was originally written, the Kunena development team had a strong intention to implement the autosubscription feature.  The proposal was unexplainably shelved.  The proposal has now been resurrected[2] to be included as a future release of K 5.1.x.

There are serious legal consequences of this idea that website owners need to be aware of and, in my opinion, that the Kunena developers have not properly considered.

Is automatic subscription merely spam by another name?

The commonly understood definition of spam is

Spamming:  unsolicited or undesired electronic messagesWikipedia, Spam

We all hate spam.  Even though there are countless definitions for the term, we each have our own clear understanding what “spam” means:  they’re those emails we never asked for, that contain material we’re not interested in getting and, worse, no matter how hard we try, we cannot completely prevent them without continually changing our email “identities” or throwing them all away in the junk mail bin.

Think about it:  how many people join a website and actually read the terms and conditions of use?  How many websites actually have a “terms and conditions” page?  Some people do read the website’s policy page or the registration form to see what information they are about to send about themselves.  Most of us know that, when we sign up to a site that offers “great deals” on items we may be interested in purchasing, we are opening ourselves to the potential for direct marketing.  Sometimes we may be interested in knowing about the latest DVD releases, wine-of-the-month specials or the current balance of our telephone account, etc.  It depends entirely on how (and why) you use the internet and how much time you have to actually read what you receive by email.

When we join a website, we should take care in learning about how our personal information will be used.  Some of us take that care; some of us, in completing the user registration form, think twice about checking the box that says “Would you like to be notified about forthcoming special events?” (which usually means, the site will periodically send you information by email).  So, what has this got to do with Kunena?  Good question and we will come to that soon enough.

The standard Joomla registration component does not have a setting that asks the question “Would you like to be notified about special events?”.  The standard Joomla registration form does not allow users to choose, as their preference, whether or not they will receive email from the website; it’s probably infeasible anyway:  Joomla sends confirmation emails as part of the registration procedure.  But should this confirmation procedure be the extent of the email involvement between a site and the users?  That's a different question but, in my opinion, the matter should be covered by the site’s terms of use and privacy policies.

If you do not knowingly and voluntarily agree to receive email from websites you register with then, potentially, any email automatically generated by these websites could be classed as spam unless your registration is subject to clearly defined contractual terms this email is a primary form of communication used in the site’s activities (including, but not limited to, the forum).

Ultimately, the definition of spam is a matter of individual judgement; forum-generated email may be meritorious to one person and meretricious (or simply junk) to another.  For this reason, each of us has the right to exercise our own discretion about what we allow others to send us and when they will be allowed to send those things.  When that discretionability is removed is the time when we become even more protective of our personal rights.  The next version of Kunena looks certain to defeat that discretionability in some cases and that is why this issue is important

If the Kunena developers proceed with their idea, from K 4.0.6 it will become possible for website owners to decide, without consulting within their own communities, what they will send to their users and when their users will receive those things by email.

Kunena is a Joomla component.  Just as there is no setting to allow users to choose not to receive email when they register at a site, Kunena has no setting to allow users to choose, for themselves if they do not want to receive email sent from the forum, either.  Users may decide to subscribe to forum topics or categories that they are interested in—this is known as “opt in” subscription.  With K 4.0.6 it will be possible for site owners to coerce their users’ subscriptions (potentially without their knowledge or consent) and disallow their users’ ability to opt out.  K 4.0.6 will bring a whole new level of direct marketing to Joomla websites.

In effect, K 4.0.6 will make it possible for site owners to send unsolicited email to their users.  Depending on how users ascertain the merit of automatic category subscription, this new feature may well become a curse more than a blessing.  I think the greater majority of people will view websites using autosubscription as nothing more than spam “canneries”.  If you are considering using the new autosubscription feature in Kunena I urge you to think very carefully about it.  I predict the new feature will become the centre of a range of new burdens for people who install Kunena on their websites notwithstanding the technical hurdles, questions and defects that people will find when they attempt to use it.  I doubt that the Kunena developers will even be thanked for this new idea.  Implementing this feature could be the end of your forum as you know it; K 4.0.6 is not the beginning of the end of Kunena as we know it; the end began a long time ago … this is just another chapter in a continuing tale of woe.

Who can be penalised under anti-spam law?

In the first instance, any website owner (or, in the case of corporations, any corporate official) can be prosecuted for violating local, national or international anti-spam laws.  It is the responsibility of the website owner to ensure that all electronic communications between the site and users of the site conform to the laws of the country where the site is registered.

While it is not always possible to prevent the generation of emails that may be considered as spam by a website’s users, the site’s owner can defend themselves against allegations of email “harassment” if they can prove that users “opted in” or that they agreed, by joining the website, it was a condition of membership that people would receive email notifications.  Notwithstanding the conditions-of-use or “opt in” defence, users must be able to easily opt out.  If, after people request to opt out, they continue to receive email, then the legal consequences (and penalties) for site owners increase.

Website owners cannot, for example, argue for dismissal of a legal tort or criminal action simply because they were unaware that the software used on their website could be used to generate spam.  They may argue mitigating circumstances if they can show that the software author did not clearly explain how and when the software could be legally be used.  In considering mitigating circumstances, a court of law may grant leave to the plaintiff to enjoin the software author as a co-respondent in the case; further, the software developer could be prosecuted as a co-defendant (in a criminal court) on the grounds of negligence or conspiracy to evade the law.

This is the murky legal area that the developers of Kunena are now entering.  Although a prima facie case can be brought against a website owner for generating spam email, the person(s) responsible for the design of the enabling software—in this case Kunena—could also become involved.

The Kunena defence

Jelle Kok—the person responsible for approving the design and implementation of the category autosubscription feature in Kunena—argues that

  1. the new setting Subscribe users to all categories will be disabled by default;
  2. that site owners can choose to enable autosubscription for selected categories;
  3. that B2B is exempt from unsolicited email; and
  4. a “message” will be displayed that the feature is “only allowed for B2B”.

Leaving aside the first of these arguments, the last two points are not true; it is merely a peremptory challenge to exempt “B2B”  from laws relating to the generation of unsolicited email —the challenge is based on a hunch and not on tested legal advice.

The discussion on this subject at Github demonstrates two things:  (a) the developers do not accept the reasonable advice given to them to abandon the inclusion of the autosubscription feature, and (b) they have not shown due diligence in providing comprehensive advice as to how (and when) the feature may be used.  Clearly, because lack of due diligence can be demonstrated, the Kunena development team is pressing ahead with the implementation of this idea with the full awareness that the software may contravene anti-spam law and international covenants on personal privacy.

Autosubscription vs. personal privacy

Article 13 of the European Parliament's (Directive on privacy and electronic communications) states:

Unsolicited communications

  1. The use of automated calling systems without human intervention (automatic calling machines), facsimile machines (fax) or electronic mail for the purposes of direct marketing may only be allowed in respect of subscribers who have given their prior consent.
  2. Notwithstanding paragraph 1, where a natural or legal person obtains from its customers their electronic contact details for electronic mail, in the context of the sale of a product or a service, in accordance with Directive 95/46/EC, the same natural or legal person may use these electronic contact details for direct marketing of its own similar products or services provided that customers clearly and distinctly are given the opportunity to object, free of charge and in an easy manner, to such use of electronic contact details when they are collected and on the occasion of each message in case the customer has not initially refused such use.
  3. Member States shall take appropriate measures to ensure that, free of charge, unsolicited communications for purposes of direct marketing, in cases other than those referred to in paragraphs 1 and 2, are not allowed either without the consent of the subscribers concerned or in respect of subscribers who do not wish to receive these communications, the choice between these options to be determined by national legislation.
  4. In any event, the practice of sending electronic mail for purposes of direct marketing disguising or concealing the identity of the sender on whose behalf the communication is made, or without a valid address to which the recipient may send a request that such communications cease, shall be prohibited.
  5. Paragraphs 1 and 3 shall apply to subscribers who are natural persons. Member States shall also ensure, in the framework of Community law and applicable national legislation, that the legitimate interests of subscribers other than natural persons with regard to unsolicited communications are sufficiently protected.
eur-lex.europa.eu, Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)

Under the Australian Privacy Act 1988:

APP7

... gives an individual the right to contact an organisation to:

  • request not to receive direct marketing communications from that organisation
  • request the organisation not to disclose their personal information to other organisations for the purposes of direct marketing, or
  • the organisation has provided a simple means by which the individual can opt out of direct marketing, and
  • in each direct marketing communication the organisation must include a prominent statement telling the individual that he or she may request to no longer receive direct marketing, and no request is made.
The organisation must comply with these requests within a reasonable period and free of charge.Office of the Australian Information Commissioner, Australian Privacy Principles

Undoubtedly there are other local, national and international covenants that prescribe personal rights to prevent websites transmitting unsolicited emails.  Any fair reading of the material I have referenced here should indicate that the principle of user opt-in/opt-out is paramount in the protection of personal privacy and, further, the use of software to evade the principle is heading towards a legal quagmire.  If nothing else, the implication is that there are questions still to be answered.

The Kunena developers seem to be oblivious to these laws; they have made no attempt to qualify how the new forum autosubscription feature will comply with the legal requirement.  They have made no genuine attempt to answer the questions put to them.

Conclusion

When I wrote my earlier article about autosubscription, I felt comfortable that the Kunena developers would never have implemented the inclusion of an automatic subscription feature without firstly consulting with the community and secondly checking the legal, ethical and technical viability before rushing headlong into murky unchartered territory.  There are many good reasons why autosubscription should not be included as a core feature of the Kunena component.  There are also good reasons why this kind of feature should not be created as an add-on (a module or a plugin, for example).  But of all the reasons why this feature should not be included, it is because of the apparent disregard bordering on contempt shown by the Kunena development team for the community as a whole.  This is the main reason why I think this autosubscription feature should be opposed.

The strategy is undefined and the plan is ill-conceived; there is no user documentation (and there probably never will be); it is high-risk and reckless; there has been no consultation with the community and this, to me, is the height of conceit.  Maybe the developers hope to salvage their lost reputation with another new gimmick, crash through any opposition that stands in their way or crash in the attempt?  Who knows.

From any impartial reading of the evidence, the autosubscription feature will enable, unregulated spam emails to be generated on websites where it is used.  Spam is not just a nuisance; it's illegal.

There is no simple opt-out-from-everything setting that the user can activate.  There may not even be an opt-out from autosubscription.

Autosubscription violates personal privacy; don’t accept assurances that it doesn’t.  Autosubscription probably will not work anyway but, even it it does, my recommendation is that you do not use it.  Finally, if you have any questions about category autosubscriptions, demand that the Kunena developers clearly explain why they are doing this in the first place and demand to see detailed, comprehensive user documentation.

[1]  The category autosubscription feature is marked as a K 4.0.6 milestone according to the discussion at GitHub:  Add settings for auto-subscribe cats for new users and uncomment it.  The Kunena team has not made any formal announcement about when the feature will be publicly available.

[2]  Add a button to subscribe users to categories/topics . There has similarly been no public discussion or announcement made by the Kunena development team.

About the author:

is a Joomla professional and former member of the Kunena project for more than 8 years—a substantial contributor to the original Kunena documentation project with over twenty thousand messages posted at the Kunena forum. The opinions expressed in this article are entirely those of the author. View his profile here.


Comments  
# John Har 08-Sep-2015 21:20
Surely the onus is on the admin regarding using the auto subscription feature. One does not sue the gun for the shots fired, nor the car for speeding. Technology and invention will always require a degree of competence on the part of the administrator, if there's a warning on the tin I see no reason to impose limitations on software.
Reply | Reply with quote | Quote
# sozzled 09-Sep-2015 06:05
Quoting John Har:
Surely the onus is on the admin regarding using the auto subscription feature. One does not sue the gun for the shots fired, nor the car for speeding. Technology and invention will always require a degree of competence on the part of the administrator, if there's a warning on the tin I see no reason to impose limitations on software.
I will make three short points in response to John Har's counter-argument:

1) One cannot own a weapon or drive a car unless one is licensed and trained in its use; that's part of the "conditions of use", if you like. There are regulations controlling the ownership (and discharge) of weapons and the use of cars. If, however, the weaponry and automobiles were modified from their original design specifications in ways that were illegal and then someone obtained "products" thus modified, where would the legal responsibility lie?

2) There may be nothing wrong or illegal in giving someone the instructions to create a tool whose usage may be illegal. Manufacturing and distributing such tools is a different proposition.

3) It's oversimplifying matters to discuss only the usage of Kunena as a direct marketing tool; in my earlier article I explained how to achieve this. The core issues here relate to the obligations on the Kunena development team to articulate:

  • why is this modification to K 4.0 being implemented in a "minor" release;
  • how will the developers engage with the community in supporting this new feature;
  • how do the team members intend to explain the legal responsibilities that extend from the use of the new feature; and
  • what support will the developers provide to rectify software defects and putative legal proceedings that may arise.

These are the questions that have fallen silent on the Kunena development team's ears.

Yes, it's true that one cannot sue the gun for the shots fired—a slightly absurd suggestion, we'd all agree—but we can hold the manufacturer accountable if the gun has been designed to cause extensive casualties and distributed to those not qualified to use it can't we?

Thanks for your response. My suggestion is that people ask for (or demand) clear, unambiguous guarantees from the Kunena developers ... and good luck getting a response from them!
Reply | Reply with quote | Quote
# Pierre 09-Apr-2016 01:55
Hi,
I have read both of your long articles and I disagree, for two reasons. First, is it really so wrong in building the functionality to realize opt-out rather than opt-in? It's about push vs. pull. Secondly, you obviously have no idea of all the different context the feature may be used in. Let the webmaster of each site decide.

I run a small private forum for a non profit organization with some hundred members. I would love the idea to be able to push out news on the forum via mail on some categories. Users may of course unsubscribe from these notifications, which I respect. The opt-out is not overruling your users, it's about to be able to set the default.

The solution right now is that we simply email our users news we believe are extra important. Noone has ever opposed. But it would be beneficial to originate the message on the forum and continue the discussion on the forum rather than in various not shared email threads.

Kind regards
Pierre
Reply | Reply with quote | Quote
Add comment
By submitting this form you agree to the site policy. All guest comments are subject to approval before they will be published.


Trending now