Court Says Sending Too Many Emails To Someone Is Computer Hacking

from the you-can't-be-serious dept

Okay, the courts are just getting out of hand when it comes to the Computer Fraud and Abuse Act (CFAA), which is supposed to be used against cases of malicious hacking. Most people would naturally assume that this meant situations in which someone specifically broke into a protected computing system and either copied stuff or destroyed stuff. And yet, because of terrible drafting, the law is broad and vague and courts are regularly stretching what the CFAA covers in dangerous ways.

The latest example, found via Michael Scott is that the Sixth Circuit appeals court has overturned a district court ruling, and is now saying that a labor union can be sued for violating the CFAA because it asked members to email and call an employer many times, in an effort to protest certain actions. Now some of the volume may have hurt the business, but does it reach the level of hacking? What's really troubling is even just the focus on emails:
The e-mails wreaked more havoc: they overloaded Pulte's system, which limits the number of e-mails in an inbox; and this, in turn, stalled normal business operations because Pulte's employees could not access business-related e-mails or send e-mails to customers and vendors
So... because Pulte's IT folks set up their email boxes such that they could only hold a certain number of emails, suddenly this raises to the level of "hacking"? That seems like a stretch, and you can definitely see how such a rule can and likely will be abused. Especially since the court made some very broad statements, including:
[We] conclude that a transmission that weakens a sound computer system—or, similarly, one that diminishes a plaintiff’s ability to use data or a system—causes damage.
Broad enough for you? I can see this ruling being cited in all sorts of abusive trials now.

Filed Under: cfaa, email, hacking


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Prisoner 201, 9 Aug 2011 @ 12:21pm

    Re: Re: Re: Re: Re:

    Uh...

    LOIC is automated, because no human has the will to refresh a web page 10 times per second for hours....

    The whole point of LOIC is to make an impact by exceeding the parameters at which a human operates.

    Following your line, demonstrating outside a business so that workers and customers are inconvenienced is also DoS and should be considered hacking?

    Or to highlight - what if the business behaved like jerks and got tons of customer complaints. Would the angry customers then be sued for hacking? And is that reasonable?

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.