Court Says Sending Too Many Emails To Someone Is Computer Hacking

from the you-can't-be-serious dept

Okay, the courts are just getting out of hand when it comes to the Computer Fraud and Abuse Act (CFAA), which is supposed to be used against cases of malicious hacking. Most people would naturally assume that this meant situations in which someone specifically broke into a protected computing system and either copied stuff or destroyed stuff. And yet, because of terrible drafting, the law is broad and vague and courts are regularly stretching what the CFAA covers in dangerous ways.

The latest example, found via Michael Scott is that the Sixth Circuit appeals court has overturned a district court ruling, and is now saying that a labor union can be sued for violating the CFAA because it asked members to email and call an employer many times, in an effort to protest certain actions. Now some of the volume may have hurt the business, but does it reach the level of hacking? What's really troubling is even just the focus on emails:
The e-mails wreaked more havoc: they overloaded Pulte's system, which limits the number of e-mails in an inbox; and this, in turn, stalled normal business operations because Pulte's employees could not access business-related e-mails or send e-mails to customers and vendors
So... because Pulte's IT folks set up their email boxes such that they could only hold a certain number of emails, suddenly this raises to the level of "hacking"? That seems like a stretch, and you can definitely see how such a rule can and likely will be abused. Especially since the court made some very broad statements, including:
[We] conclude that a transmission that weakens a sound computer system—or, similarly, one that diminishes a plaintiff’s ability to use data or a system—causes damage.
Broad enough for you? I can see this ruling being cited in all sorts of abusive trials now.

Filed Under: cfaa, email, hacking

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Mike, 9 Aug 2011 @ 6:33pm


    The important thing here is that the union undertook these actions with the intent of imparing the function of those systems affected.

    If you are being mailed marketing material the intent is that your system works perfectly, so that you may receive more information or contact the vendor.

    If you try to access a website and your traffic causes it's service to diminish, your intent was to view some content on that web page.

    The union did a number of things that made the intent of its efforts clear and that it was aware of the results of its actions. Requesting that it's members send emails in a manner that would compromise the victims systems is essentially the same a DDOS attack, it's just that part of the system is biological. They sent a message from a command system to other systems which then directed traffic to a particular machine with the idea that it would be negatively effected by this.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.