Court Says Sending Too Many Emails To Someone Is Computer Hacking

from the you-can't-be-serious dept

Okay, the courts are just getting out of hand when it comes to the Computer Fraud and Abuse Act (CFAA), which is supposed to be used against cases of malicious hacking. Most people would naturally assume that this meant situations in which someone specifically broke into a protected computing system and either copied stuff or destroyed stuff. And yet, because of terrible drafting, the law is broad and vague and courts are regularly stretching what the CFAA covers in dangerous ways.

The latest example, found via Michael Scott is that the Sixth Circuit appeals court has overturned a district court ruling, and is now saying that a labor union can be sued for violating the CFAA because it asked members to email and call an employer many times, in an effort to protest certain actions. Now some of the volume may have hurt the business, but does it reach the level of hacking? What’s really troubling is even just the focus on emails:

The e-mails wreaked more havoc: they overloaded Pulte’s system, which limits the number of e-mails in an inbox; and this, in turn, stalled normal business operations because Pulte’s employees could not access business-related e-mails or send e-mails to customers and vendors

So… because Pulte’s IT folks set up their email boxes such that they could only hold a certain number of emails, suddenly this raises to the level of “hacking”? That seems like a stretch, and you can definitely see how such a rule can and likely will be abused. Especially since the court made some very broad statements, including:

[We] conclude that a transmission that weakens a sound computer system?or, similarly, one that diminishes a plaintiff?s ability to use data or a system?causes damage.

Broad enough for you? I can see this ruling being cited in all sorts of abusive trials now.

Filed Under: , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Court Says Sending Too Many Emails To Someone Is Computer Hacking”

Subscribe: RSS Leave a comment
162 Comments
Anonymous Coward says:

It seems like a pretty good ruling, because the intention of flooding the email was to limit it’s functionality and to cause the computer(s) in question to be of diminished use. While it isn’t a hack in the sense of breaking in, it isn’t anything other than a form of DoS – which is hacking in the legal sense.

Sorry Mike, you are out to lunch on this one too.

el_segfaulto (profile) says:

Re: Re:

Do you have any concept of how email systems work? I have our spam box setup to temporarily block an address if it sends more than 500 emails per second. There is simply no way that a group of people could send enough emails written by hand to cripple a system. It’s about time judges start hiring geeks to act as translators.

This case is more akin to those jackass merchants leaving a flier under my windshield wiper. It’s annoying but not illegal.

Anonymous Coward says:

Re: Re: Re:

Do I have a concept how email systems work? Umm, yeah.

First off, since email headers can (and usually are) faked, it isn’t hard for someone to send all those emails apparently from different addresses, with slight differences in subject line that would make it very hard to simply filter.

Second, your email server still has to process the mail. If you are using server based rule systems, the server still has to accept the connection, take the mail, process it, etc. If you are using “PC based rules” (spam filters in your local system) you still have to actually download all the mail from your email server and process it.

Third, a basic DoS attack is just overwhemling a computer with too many requests or too much traffic. If your PC is spending most of it’s time filtering spam, downloading messages, and not being available to do what you want, then the email is a DoS.

I have seen it done, it isn’t hard to tear down an email server and make it puke it’s internals on the floor from too much traffic. That is a basic DoS method.

blaktron (profile) says:

Re: Re: Re: Re:

You dont know a lot about Spam filtering do you? Most, if not all, enterprise spam filtering is done on a firewall, then the Exchange server looks over the non-spoofed messages and does a content scan, then it submits the email to the user’s inbox. If, as they claim, that the ‘inbox’s were being stuffed then the email system NEVER WENT DOWN. Which is funny, they just didnt have the manpower to read all the emails. Thats it. So apparently if you cause a company to have to hire more people to read paperwork, you are hacking. I guess lawyer filed motions are now illegal…

el_segfaulto (profile) says:

Re: Re: Re: Re:

But you’re evading the basic premise. 20 years ago 10,000 emails over the course of an hour would not have been enough to cripple a decent server. If we were talking about computer generated messages sent thousands of times per second I’d be on your side. But I stand by my original statement, there just isn’t a way for human beings to take down an email system without help, we’re simply not fast enough.

Anonymous Coward says:

Re: Re: Re:2 Re:

What basic premise? That sending more than a normal amount of emails to a system is enough to slow it down? That email, on a shared (and possibly already busy) server may be enough to deny access, or at least slow it?

I am not getting where you are going here. They sent the emails with the intention of loading down the system. That is pretty much a basic DoS, no matter how successful or not it is.

As for human power, would you care to explain how LOIC works?

Prisoner 201 says:

Re: Re: Re:3 Re:

Uh…

LOIC is automated, because no human has the will to refresh a web page 10 times per second for hours….

The whole point of LOIC is to make an impact by exceeding the parameters at which a human operates.

Following your line, demonstrating outside a business so that workers and customers are inconvenienced is also DoS and should be considered hacking?

Or to highlight – what if the business behaved like jerks and got tons of customer complaints. Would the angry customers then be sued for hacking? And is that reasonable?

btr1701 (profile) says:

Re: Re:

> It seems like a pretty good ruling, because
> the intention of flooding the email was to
> limit it’s functionality and to cause the
> computer(s) in question to be of diminished use

How do you know that was the intention?

Sounds to me like the intention was to show the company how many people are upset with their actions. Just like when Rush Limbaugh (or Michael Moore, to be non-partisan) exhorts his listeners to call their congressman about one thing or another. It’s not to overload the switchboard and bring business to a halt, but to make sure the politicians know the strength of public opinion.

Cletis says:

Re: Re:

It seems like a pretty ridiculous ruling, because the intention of flooding the email was NOT to limit its functionality or to cause the computer(s) in question to be of diminished use. Instead, the intention was merely to communicate, which is not illegal yet. It is also unreasonable to make this ruling based on the fact that a reasonable person would not expect that sending large numbers of emails would deleteriously impact either the individual receiving mailboxes or the servers that provide the mail service, so the intent to cause damage does not exist. It isn’t DoS, it isn’t B&E, and it isn’t even harrassment. The decision is groundless on its face and will be overturned.

Doug D (profile) says:

Re: Re:

This was my thought too. How about when Rush campaigns to have every one of his 10 Million + listeners call in and tell Congress what they think. He’s caused them untold headaches before.

On the other hand, the Union hired an autodialer to spam the voicemail. And when Pulte came to them 4 days later the union refused to stop. I think the email claims are garbage of a poorly designed network, but the phone may have been what pushed them over the line.

Anonymous Coward says:

Re: MoveOn

“[We] conclude that a transmission…that diminishes a plaintiff?s ability to use data or a system?causes damage.”

Under that logic, and assuming the brain is classified as a system, MoveOn could be sued for a multitude of infringements that diminish its constituents’ ability to use their systems… pretty much any time they say something.

Ninja (profile) says:

Jesus! I’ve just found out I’m a hacker!

I remember a time when I was trying to watch some streaming online and after a few reloads the servers went unresponsive! I need to hide!

/derp

If memory serves it was some fashion related event (back when streaming was actually in its infancy) and they had predicted x visitors but received 10x visitors and system went boom. 1.5 million simultaneous accesses if memory serves. All of them hackers!

ComputerAddict (profile) says:

Re: Re: judgement was sound

There doesn’t have to be a fire at all. the first amendment doesn’t say “freedom of speech, well except the words ‘fire’, ‘bomb’, ‘gun’, when expressed loudly in public places were that word doesn’t exist” it says “…Freedom of Speech…”

However you may be brought up on charges of inciting a riot, or inciting a panic, disturbing the peace kinds of laws. However you freedom of speech is uninhibited.

Harrekki (profile) says:

Re: judgement was sound

no one yelled fire, they said “stop doing (enter issue here) because it’s wrong”. since when were companies immune to the actions of free speech? As a citizen, I have to tolerate all kinds of free speech, like the abortion protestors who put up signs of dead babies and fetuses on busy highways where kids see it.

Since companies are people too, shouldn’t they have to put up with the excess of free speech, and if they can’t handle it, then stop what you are doing?

I believe If I tried to sue those protestors i would be laughed out of court, just as this ruling should have been.

Anonymous Howard, Cowering says:

Re: @#13 - judgement was sound

Wrong! Use of an autodialer doesn’t constitute hacking, even if the receiving PBX is computer-based, and even if no other calls can get through. Were that the case, anyone who calls your home phone becomes a hacker when a second caller receives a busy signal.

And wrong again! You can yell “fire” in a theater.
One permissible scenario: when there is a fire.

Two for two. Maybe you should try not facing sunward. Your vision seems to have been impaired.

Anonymous Coward says:

I’m sorry, but simply having a large number of people send in emails isn’t hacking. Would it be hacking if thousands of people wrote their Congressman on a certain issue or fans requested a show be brought back? It might be disruptive, but sometimes mass messaging is the only way to get the message that a lot of people care about something across.

Anonymous Coward says:

Re: Re: Quick, Everyone do this NOW.... finally a way to end spam (or at least profit privately from it)

We should all be able to get findings and judgements against all unwanted e-mail spam… which we can use to wallpaper out bathroom…

Ok, while it would be nice, the ones who should be held responsible will just disappear and re-appear with a new name and company and start the same crap over again….

codegrunt (profile) says:

Misleading article . . .I expect better of Techdirt

If you read the judgment or more accurate reports you will also see that the court says it’s not illegal access if a public network is used, and the union won this case.

http://www.out-law.com/page-12138

That said, no difference here between what the union did here any any other form of DDOS. Most “hacking” starts with human engineering. . .

aldestrawk says:

Re: Misleading article . . .I expect better of Techdirt

The posting in “out-law.com” misunderstood the court’s judgement. The court was addressing Pulte’s complaint where they claimed both a “transmission” and an “access without authorization” violation in the context of the CFAA. The appeals court agreed with the district court that the access portion of the claim was not valid as LIUNA had a right (i.e. was authorized to) make calls and send emails to Pulte. However, the appeals court reversed the district court’s decision and allowed the transmission claim.
Also, this case is not over. It has been remanded back to the district court.

That Anonymous Coward (profile) says:

Now I could see, if the union were aware that there was a limitation on the system, how this ruling would make sense.

Reading the backstory on the case, after 4 days the union was contacted by the company and asked to stop because it was harming the business. They continued. It could be that this point they entered into the arena of using a form of a Denial of Service attack on the company.

Having hired outside robodialers, this was infact the plan of attack the union wanted to use.

A limitation of the email accounts could be seen as a bad system design, but the goal the union had was to cripple the company. After they were aware they had the intended effect, they continued.

This is a delicate matter trying to balance the rights of people to protest, and the rights of a business to be in business.

When people picket, they get arrested if they harass people entering/exiting or block entranceways.

This protest effectively harmed the business by closing it down.

While the law itself might be to broadly worded, it seems like it might have been properly applied in this case. The company was fully aware of the complaints of the union, but continuing knowing that your causing actual harm to the business is just designed to punish the business that if done in real world terms would get you arrested.

But then I might be insane, the jury is still out.

That Anonymous Coward (profile) says:

Re: Re: Re:

And when your informed your damaging your target by continuing on the same course, we can just ignore that fact?

After 4 days of the systems, email & phone, being overloaded and the union being informed that they were causing damage to the business they are under no obligation to consider what they are doing is harmful?

They were not sued on day 1, 2, 3, or 4. They were sued after they knew that were causing damage to the business they targeted.

While the limits on the email system settings might be debatable, the union caused damage to the business by denying their ability to function. The union was informed of this fact, and continued to inflict harm on the business to make their point.

Did we think the first 100, 1000, 100000 emails were possibly missed?
Because I am sure the robodialer flooding every number for the business made sure to drive that home.

blaktron (profile) says:

Re: Re: Re: Re:

So which email was the problem? The 101st? The 1001st? The 100001st? Thats the issue. Also, the business was never harmed, they just didnt have the manpower to sort through their email. Thats what harmed the business, not the emails themselves. Notice the server was never brought down. If im emailing someone and they tell me to stop, and I keep emailing them, am I hacking their computer? No. This is most certainly harassment, but civil harassment, not ‘hacking’.

blaktron (profile) says:

Re: Re: Re:2 Re:

Basically if not having the staff to deal with the influx of communication was liability on the person sending the communication the ENITRE legal system would crumble. The best defense to any suit would be to fire your lawyer and say that the constant influx of motions and suits is harming your business because you dont have anyone to deal with it.

aldestrawk says:

Re: Re: Re: Re:

The cease and desist letter from Pulte said, vaguely, that the calls and emails “prevented Pulte?s employees from doing their jobs”. LIUNA, in fact, claimed in a court filing that they were not informed that their conduct was harmful to Pulte’s computer systems. The appeals court did not argue that LIUNA was informed. Their argument was that knowledge of damage was the wrong standard to show intent. The appeals court said that the proper standard was just to show that LIUNA intended to cause damage. The case has been remanded to the District Court, so the question of intent is still to be decided.

It is possible that LIUNA intended to harass Pulte with a limited DOS attack. It is also possible that DOS wasn’t their goal. You have to take a closer look at what was done.
LIUNA put out a call on their website to make calls to Pulte and to email them. They set up a pre-written letter which any member could click on and cause a separate email to be sent. LIUNA has 500,000 members. Even if all 500,000 sent an email this way, it would be hard to argue that that action was illegal. Such mass, topic oriented, email campaigns are done elsewhere, and should be protected under first amendment freedom of speech. Now, if a single person had caused hundreds, or thousands of emails to be sent, that would be a scenario accurately described as a DOS attack.
The use of an autodialer sounds suspicious. I do not know how it was used. It is possible that the autodialer was used similarly to the emails. The website could have allowed a member to click on a button that caused the autodialer to send a pre-recorded voice message to a Pulte phone number. That would not be much different than the email scenario and should also be protected under the first amendment. On the other hand, if the autodialer was programmed to just automatically, and continuously, call and leave messages, that would be a DOS attack.

An interesting aspect of this case is that even if this was a kind of DOS attack, the capabilities of the computer to resist such damage is taken into account. Pulte claims they had to “shut down their email in boxes”. I am sure what really happens is that once the box is full new incoming emails are automatically discarded. What if the email in-boxes were capable of handling 200,000 messages, would there still be a case? Pulte claimed they could not send emails. That is most certainly wrong. I suspect they were being intentionally vague in describing that they could not respond to emails because it took too much time to filter through the spam or were automatically discarded. If they could still send emails, would there still be a case? finally, any email client or server created in the last decade (at least) is capable of filtering out some spam. The easiest thing to filter out are identical messages all coming from the same address. Most of the emails were from the LIUNA server via their website trigger. If Pulte could have easily filtered out all those emails, why didn’t they and would there still be a case?

My suspicion is that both LIUNA and Pulte are harassing each other in anyway they can. The fact that Pulte is using the court system for a case that shouldn’t really exist may be legal but is unethical.

jenningsthecat (profile) says:

I could say the same thing about snail mail

Regarding ‘too many e-mails’, the court says:

“[We] conclude that a transmission that weakens a sound computer system ? or, similarly, one that diminishes a plaintiff?s ability to use data or a system ? causes damage.”

Regarding ‘too many advertising flyers’, I say:

“[We] conclude that a transmission that weakens a sound mailbox ? or, similarly, one that diminishes a plaintiff?s ability to use the mailbox or extract mail from it ? causes damage.”

Is there a fundamental difference here? I don’t think so. One claim is as silly as the other.

Anonymous Coward says:

but wouldn’t messages from employees be “business-related”

did i misunderstand? is the union not affiliated at all with the employer?

unless they were threatening, malicious… but at that point, shouldn’t the person sending the threats be liable?

why should the union be liable for the actions of its members… or is that one of the drawbacks of being a union?

I also fail to see how the law was broken.. even if it is read incredibly broad. The article makes it seem like the employees could still access and use the communication systems and that the system was working just as it should.

aldestrawk says:

Re: Re:

None of Pulte’s employees were members of LIUNA. LIUNA argued that the call and email campaign was part of their normal organizing efforts. That does not ring true and the appeals court pointed out that the sales office and 3 executives were the target and not potential union recruits. However, there should be a freedom of speech argument in allowing union members (500,000 of them) to voice their displeasure with a company seen as anti-union. The court is saying that collective campaign, organized by LIUNA, could be intended by them just as a form of harassment against Pulte. Since the form of harassment here affected Pulte’s computers negatively, that is a (civil, at least here) violation of the CFAA. Even a slowdown of the computer or forced discarding of incoming email is considered damage.

Anonymous Coward says:

The court never says anything about hacking

I agree that the CFAA is poorly drafted (and dangerously amended to include private computers–originally it was only addressed to government computers). But nowhere in the opinion does it say that the labor union conducting hacking, or that “sending too many emails to someone is computer hacking.” Hacking doesn’t even appear in the opinion.

The decision says the union violated the CFAA. You say that the CFAA is supposed to protect against hacking, but hacking doesn’t appear in the statute either.

Anonymous Coward says:

Re: The court never says anything about hacking

I agree that the CFAA is poorly drafted (and dangerously amended to include private computers–originally it was only addressed to government computers). But nowhere in the opinion does it say that the labor union conducting hacking, or that “sending too many emails to someone is computer hacking.” Hacking doesn’t even appear in the opinion.

The decision says the union violated the CFAA. You say that the CFAA is supposed to protect against hacking, but hacking doesn’t appear in the statute either.

Mike, of course, made up the part about “hacking” for effect. The court did not say it’s hacking. Did you expect any more from him? He blows most things out of proportion.

Any Mouse (profile) says:

Re: Amusing

Seriously, I had to laugh at this. Did they honestly believe that THIS would have been any deterrent? That wasn’t my definition of high pressure, and this was Phoenix, Arizona. In summer, from the looks of it. Yeah, umm… the worker’s joking quote in the subtext, too: ‘This wasn’t what we meant when we ask for drinking water on the job site.’ Assault or not, it was damn funny.

Matt Tate (profile) says:

Why has no one compared this to the idea of a sit-in? In the same way that a sit-in overloads normal operating procedures to inhibit business as a form of protest, this block emails from coming in (albeit unintentionally). The way I see it, this is just another form of protest.

Also, I remember a post that was probably on techdirt, but maybe not, that compared DDoS attacks to digital sit-ins.

Anonymous Coward says:

This is ridiculous. I would compare it to the sit in type of protests held during the civil rights era.

Yes, of course it’s meant to disrupt business. How else are you supposed to get their damn attention.

The point is it is a very peaceful and incredibly effective way to get your point across.

Maybe you should address the root cause of this protest instead of the protest itself. If a child is crying because it’s hungry do you spank the child for crying?

MobileSilence says:

FINALLY!

I think this is amazing. I’ve always been a bit miffed at those guys at my apartment network always taking up the bandwidth. My inability to successfully enjoy a game of internet monopoly was severely injured by their selfish use.

I’d also like to take this wonderful opportunity to personally attack those evil little trolls that build those awful flash enabled websites. Don’t they know those things are taxing on a 56k modem?

Mike says:

No different than a good old postal mail blitz

So if I and several thousand friends wrote actual letters, and mailed them via snail-mail (I know, I know, just work with me here….), and totally clogged someones mailbox to the point where they had trouble picking the legitimate business mail out from the piles and piles of angry letters, we’d be hacking that mailbox?
This is simply an e-version of that, and I don’t recall anyone ever being punished for mailing too many letters.

aldestrawk says:

Re: Please don't lie about the law.

There is no legal definition for the terms “hacking” and “hacker”. In fact, there is no agreed upon definition for hacking. I, as an aging software engineer, have my own preference, which corresponds closely to the original meaning of a skilled programmers actions. I have given up on that preference as I have recognized I cannot fight the direction that our language is going. Mike is using “hacking” in a very broad way. A way that reflects it’s very general use nowadays. Yes, there is no reference to “hacking” in the court case, but that does not mean he is lying about the law.

Andrew MacKie-Mason (profile) says:

Re: Re: Please don't lie about the law.

You’re creating a new standard that has absolutely no basis in the law, and then using it to criticize a ruling that was very much based in the law. It’s dishonest and indefensible. If you want to criticize the legal ruling, have the courage to do so within the scope of the law, nicely published online for your convenience, not what you have imagined the purpose of the law to be.

Mike Masnick (profile) says:

Re: Re: Re: Please don't lie about the law.

You’re creating a new standard that has absolutely no basis in the law, and then using it to criticize a ruling that was very much based in the law.

I did no such thing. The CFAA was designed to deal with computer hacking. It’s a descriptive term for what is in the law, including the types of hacking, which you describe in your article. The specific violations described within the CFAA are an attempt (weak one) by Congress to define illegal hacking.

It’s dishonest and indefensible.

Oh come on. It’s completely honest and very defensible. No need to get obnoxious over a difference of opinion.

. If you want to criticize the legal ruling, have the courage to do so within the scope of the law, nicely published online for your convenience, not what you have imagined the purpose of the law to be

I did. Honestly the only thing I find dishonest is your attempt to attack me because I didn’t use the magic words you wanted to hear. Sorry, but the law is an anti-hacking law. Saying that this qualifies under the law is the courts saying that this could be a form of hacking.

It’s not dishonest. And it’s most certainly defensible.

Andrew MacKie-Mason (profile) says:

Re: Re: Re:2 Please don't lie about the law.

“The CFAA was designed to deal with computer hacking. It’s a descriptive term for what is in the law, including the types of hacking, which you describe in your article. The specific violations described within the CFAA are an attempt (weak one) by Congress to define illegal hacking.”

Do you have any evidence whatsoever to back up this claim?

You decided, out of thin air, to use the word “hacking” to describe the crimes under the CFAA. You then wrote things and used quotation marks in such a way as to suggest that the word “hacking” was actually used by the court:

“Court Says Sending Too Many Emails To Someone Is Computer Hacking”

“So… because Pulte’s IT folks set up their email boxes such that they could only hold a certain number of emails, suddenly this raises to the level of “hacking”?”

Finally, you suggested that if it wasn’t “hacking” under some unspecified definition, then the court ruling must be wrong.

All of those things are lies.

In fact, the stated purposes of the CFAA include “to provide additional penalties for fraud and related activities in connection with access devices and computers,” which is certainly broader than “hacking.”

You don’t have a foot to stand on, which is unfortunate because there are so many easy and legitimate criticisms of the CFAA. But unfortunately, you chose to make a ridiculous one.

Stephen (profile) says:

Re: Re: Please don't lie about the law.

Yeah, they just forgot to use the word “hacking” when they were writing the anti-hacking legislation.

To be fair, if I was saying that a piece of writing was very much about something the lack of the authors using the word I thought it was about would make me somewhat less confident in my analysis.

nasch (profile) says:

Re: Re: Re: Please don't lie about the law.

To be fair, if I was saying that a piece of writing was very much about something the lack of the authors using the word I thought it was about would make me somewhat less confident in my analysis.

Here is a course about bumping uglies and getting knocked up. I’m quite confident of that despite the fact that the term “knocked up” appears nowhere in the course material.

Rich Kulawiec (profile) says:

The court has clearly never run an email server...

…whereas some of us have been running them for decades.

There is no doubt that an excess of messages is abusive, but “abusive” is not the same as “hacking”. “Abusive” (in the context of email) encompasses the sometimes-overlapping categories of mailbombing, forgery, spam, DoS attacks against SMTP, rapid-retry, etc. None of these qualify as hacking. Oh, they’re all reprehensible, like many other things that aren’t hacking either, but that doesn’t make them what the court imagines them to be.

Moreover, a read through this indicates that the company’s own profound incompetence is largely responsible for its troubles. It is a trivial matter for any minimally-clueful mail system administrator to deal with issues like this — many of us deal with them on a routine basis. Sometimes they’re the result of malicious action; sometimes they’re the result of somebody else’s screwup; sometimes they’re the result of a well-meaning but poorly conceived campaign, as appears to be the case here. But whatever the cause, dealing with the results is very easy, so much so that I think it reasonable to presume any competent mail system administrator would be ready for this and would only need to flick the switch, so to speak, to deal with the issue.

Of course one of the obvious, fundamental errors made by the mail system administrators shows up as early as page 3 of this ruling, where it states that the mail system “limits the number of emails in an inbox”. In a time when 2T drives cost much less than an hour of system admin time, that’s not just stupid, it’s set-yourself-on-fire stupid. While there is a reasonable argument to be made that the very largest email providers (e.g., gmail) may need count/size quotas, there is no such argument to made for the overwhelming majority of mail operations. (Yes, I’m well aware there are outliers. I’ve run some of them.) It is vastly more efficient, cost-effective, secure (mail quotas facilitate DoS attacks), and simple to add storage in almost every case.

The correct response from Pulte Homes is not to pursue this in court, but to fire their mail system admin(s) on the spot and replace them with individuals who possess at least minimal competence in the field.

Darren says:

Is an software update hacking?


[We] conclude that a transmission that weakens a sound computer system?or, similarly, one that diminishes a plaintiff?s ability to use data or a system?causes damage.

I have experienced a “transmission” in the form a Microsoft software update that stopped my “sound computer” from operating. Does that mean Microsoft is a hacker? Wow that is a broad statement.

killscar (profile) says:

The reality of it...

At its core this whole situation has nothing to do with the acts mentioned in the filing. If you do some digging you will see a long history of a tinkling war going on with Pulte and the Union (see my prior post video from 2007).

Everyone who agrees that this is hacking is wrong! There was no intention to disrupt systems, but to send a message. Sure, the bloat of emails and phone calls would slow some workers down but not to do harm to the company. As a previous poster stated this is no different than protesters standing in front of a store and a different poster referenced Limbaugh and Moore mobilizing their armies to action.

This is another case of a judge not understanding technology and not taking the time to educate themselves.

What the shocker here is that the Union lost, I thought they ran the country.

NamelessOne says:

OHHHHH CANADA

….i’m glad i don’t live in the wrecked justice system of America …THIS IS funny as hell….What is this guys email address again? I’ll forward a few emails to him form me and i dunno 1000000 Canadians….ya call that a hack.Same shit happened to MS over VB4.0 a decade ago and forced MS to make the stuff i make with the package mine and mine alone versus you make it with a ms tool they too can steal it.

NOW lets go forward to now and your telling me that if 30000 coders did this today we’d all be arrested as hackers for sending a single email….

WHAT A JOKE THE USA IS.
THIS IS NOT EVEN FUNNY ANYMORE.
I sincerely hope you don’t pay your debts and go right into bankruptcy big time.

killscar (profile) says:

Re: OHHHHH CANADA

What? Normally I abstain from correcting grammar as I think it’s petty. However, when you start bashing the land that I love I can’t hold back.

“forced MS to make the stuff i make with the package mine and mine alone versus you make it with a ms tool they too can steal it…” You make no sense. I understand the individual words but the combination in which you use them is perplexing!

Take your universal health care and Tim Hortons and stick it, ‘eh.

All in good fun! I do like Toronto.

NamelessOne says:

@25

you do realize that once ONE persons email reaches a limit you just get and use a second account and not make that public ….except to business clients….

I will add this doesn’t shut down the business it has phones and faxes and other communications no? was the union sending non stop faxes and telephone calls by the thousands constantly ..NO i see so it didn’t cripple the business just one email account hardly hacking…get a good email bomber and it don’t care what email accounts are there it will just hammer it to death THAT’S HACKING.

NOW when you send one email form 30000 people that shows you the union and its members are serious about some issue. NOW you have those mails you can auto block them and this does what then to said business….NOTHING. unless they all sent in minutes which they did not do.

AGAIN it was not a email bomb from a single person it was the union and its members. SO by your reasoning if said union said call this company that it would be hacking as the phone lines be all tied up. BOY OH BOY what a nasty police state world you live in …..control control control.

chris says:

Did the judge really call it a CFAA violation? Because that law has actually been pretty reasonably enforced, unlike the DMCA. There have been very few cases and most have been dismissed, for example Lori Drew.

It would be pretty hard to claim that sending e-mail to a server that was setup to accept mail from anyone was “unauthorized”.

NamelessOne says:

@40 then @43 then @45 then @46 then @53

@40
too bad none of what you said was done by said union and in fact as the article says all that was done was the union asking its members to email that address.
@43
and that’s why no spam filtering would work on this cause these were real people doing as they should email someone, if your going to raise taxes and are a politician do you think you want to only be able to get 10 email a day and then not use your account? HRMMMM me thinks someone really overreached authority here. Expect an appeal i would say. Other wise we in other nations will just laugh or heads off….
@45
actually when vb 4 was around there was 30000 coders whom banded together after MS said anything you make with said tool they owned too cause they made the tool….WE all emailed them once a day for a week personally and MS backed down …we were sending them the “message” NOT trying to damage but that its important to us….they not do what they were saying. IT worked and you make it its your software.report was MS servers fell 4 times in that week.
@46
So when open media got 446000 people to electronically sign a petition you think sending all our emails to the minister is a hack? NOW i SAY GOT YA ….its bad precedent to go down this road cause once people cant vent they go out into london streets and do what?
@53
the inbox was full via way of the email systems rules and no other email accounts had issues. GO FIGURE.

Mike (user link) says:

Intent

The important thing here is that the union undertook these actions with the intent of imparing the function of those systems affected.

If you are being mailed marketing material the intent is that your system works perfectly, so that you may receive more information or contact the vendor.

If you try to access a website and your traffic causes it’s service to diminish, your intent was to view some content on that web page.

The union did a number of things that made the intent of its efforts clear and that it was aware of the results of its actions. Requesting that it’s members send emails in a manner that would compromise the victims systems is essentially the same a DDOS attack, it’s just that part of the system is biological. They sent a message from a command system to other systems which then directed traffic to a particular machine with the idea that it would be negatively effected by this.

darryl says:

Intent, and yes it is a DOS attack plain and simple

DOS – Denial of service, it does not matter if it is PING’s or bulk email’s as has been said it is the INTENT of the actions, that intent was to deny a service to a company.

DDOS is illegal, call it what you will, hacking, cracking or straight out criminal activity. The result is the same.

What would have happened if this union decided to do that with the 000 (or 911) phone number ? and closed down that system.

Or the phone line of the ambulance or fire brigade ?

Dave says:

This is why you need lawyers

Actually, the article got the opinion wrong. The court merely said that given the definition of damage integrity and transmission, and taking as true all allegations that this company made, those allegations are sufficient to support all the necessary elements of the cause of action (Survive a 12(b)(6) motion). It says nothing about whether those allegations are valid.
When a court entertains a motion to dismiss for failure to state a claim, they basically take the complaint and, for the sake of the motion, take everything in it to be true (regardless of whether that is ACTUALLY the case). That’s what they did here. The definition they gave is obviously over broad, but that may be refined once the facts of the case become more apparent. Further, I don’t think its the definition of damage that matters so much as the definition of intent. I don’t think it will be possible, given the facts, to show that LIUNA actually intended to damage the system. Further, this sort of case seems like it will implicate the first amendment. In any case, the battle is clearly not over, and it sounds highly unlikely that Pulte is going to win.

This is why tech geeks need lawyers.

LivingInTheNegative says:

Does this apply to snailmail?

I wonder if the judges in this case have considered that this act is no different than local businesses flooding your mailbox with ads you didn’t ask for or want and then the mailperson leaves your mail at the post office instead of your box. If so, anyone else up to suing the USPS for hacking people’s mailboxes?

Edward Dijeau says:

If you can not e-mail them boycott their services and products.

The old stanby that has worked over the ages is “don’t buy from thieves”. if you feel they are treating customer, workers or suppliers unfairly then do not purchase their sevices or products. In a free economy, there are many suppliers out there you can do business with and if you are bound by a contract that penalizes you from witholding your payment and subscription, due pressess gives you your day in court to air the just reasons they have not fullfilled their part of the agreement. As a customer, refusing to take your E-mail is refusing service to air grievences and must be arbritrated or resolved in a court of law.

Carroll Straus (user link) says:

Case holding

I read the case. I am an attorney.

1.There is no mention of “hacking”
2.There was no ruling on the flood of emails–only permission to sue under the statute that addresses hard to computers. (This was a labor disute.)
3. The number of emails was huge and shut down Pulte’s system. Writing to CEOS will not shut down their systems.
4. If the same thing were done to Congress the same law would apply.

Release the email addresses!

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...